Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner "TR/Spy.Banker.FJ" (https://www.trojaner-board.de/92133-trojaner-tr-spy-banker-fj.html)

masi76 23.10.2010 08:30
Trojaner "TR/Spy.Banker.FJ"
 
Hallo Trojaner-Board-Team,

hatte vor ein paar Tagen die Meldung bekommen
"Windows shut down in less than one minute", in
Kombination mit dem Trojaner "TR/Inject.110592".
Habe einige Reinigungsprogramme (VirusTotal, MalwareBytes,
CCleaner) runtergeladen, mit denen ich die beiden
Probleme weitestgehend beheben konnte.

Nun ist allerdings wieder ein anderer Virus "TR/Spy.Banker.FJ"
aufgetaucht.

Könnt Ihr mir eventuell weiterhelfen?

Vielen Dank
masi76

Swisstreasure 23.10.2010 18:35
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

masi76 25.10.2010 07:45
Code:
OTL logfile created on: 25/10/2010 08:26:52 - Run 2
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.55 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/21 07:18:33 | 000,908,760 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/15 09:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 07:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/06 06:52:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 09:40:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 09:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 06:52:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 09:40:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 13:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/08 06:13:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/16 12:40:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/06/10 09:40:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 08:59:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 08:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 12:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 12:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 16:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 01:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 19:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 19:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 07:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 07:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 07:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 19:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/10/25 08:31:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 07:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 19:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 22:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 23:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 23:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 23:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 23:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 23:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ActiveX Cache Browser] c:\users\markus\appdata\roaming\TrusteerHelp\spuninst.exe File not found
O4 - HKCU..\Run: [Sysfla] C:\Users\Markus\AppData\Roaming\Adobe\Update\gdiapi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\Shell - "" = AutoRun
O33 - MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/10/21 18:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 18:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/21 18:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/21 18:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 18:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 07:32:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\CCleaner
[2010/10/19 09:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 09:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/15 01:05:21 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/15 01:03:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/15 01:01:07 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/15 01:01:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/15 00:52:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/15 00:52:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/15 00:52:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/15 00:52:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/15 00:52:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/15 00:52:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/15 00:52:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/15 00:52:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/15 00:52:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/15 00:52:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/15 00:52:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/15 00:52:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/15 00:52:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/15 00:52:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/15 00:52:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/15 00:52:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/15 00:52:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/15 00:52:09 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/15 00:51:58 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/15 00:51:43 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/15 00:51:28 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/12 10:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/29 13:10:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/05/19 20:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/10/25 08:36:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/10/25 08:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/10/25 08:19:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 08:19:36 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/25 08:18:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/25 08:17:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/25 08:16:56 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 17:26:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/22 17:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 17:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 17:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/22 17:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/21 18:01:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 07:32:23 | 000,000,598 | ---- | M] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010/10/20 07:18:38 | 000,030,259 | ---- | M] () -- C:\Users\Markus\Desktop\hjtscanlist.bat
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/15 03:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010/10/22 17:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 17:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 17:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/10/21 18:01:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 07:32:23 | 000,000,598 | ---- | C] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010/05/19 20:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 20:45:13 | 000,087,608 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\inst.exe
[2010/05/19 20:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 20:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 15:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 15:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 04:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 20:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 02:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 15:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 22:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 19:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 11:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 13:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 12:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 13:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 11:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 11:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 11:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 09:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 09:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 11:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll

< End of report >

Swisstreasure 25.10.2010 20:06
Wo bleibt das GMER Log?

masi76 26.10.2010 10:16
Code:
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-10-26 11:13:50
Windows 6.0.6002 Service Pack 2
Running: rt85fdji.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT            886AB2AC                                                                                        ZwCreateThread
SSDT            886AB298                                                                                        ZwOpenProcess
SSDT            886AB29D                                                                                        ZwOpenThread
SSDT            886AB2A7                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 221                                                                    822C0984 4 Bytes  [AC, B2, 6A, 88]
.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                    822C0B54 4 Bytes  [98, B2, 6A, 88]
.text          ntkrnlpa.exe!KeSetEvent + 40D                                                                    822C0B70 4 Bytes  [9D, B2, 6A, 88]
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                    822C0D84 4 Bytes  [A7, B2, 6A, 88]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c        0x8C 0x50 0x65 0x11 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583ba72f1                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c            0x8C 0x50 0x65 0x11 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583ba72f1 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Swisstreasure 26.10.2010 21:57
Schritt 1
Code:
:OTL
O4 - HKCU..\Run: [Sysfla] C:\Users\Markus\AppData\Roaming\Adobe\Update\gdiapi.exe ()
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\Shell - "" = AutoRun
O33 - MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

masi76 27.10.2010 07:08
Hallo Swiss,

habe soeben noch den Scan von Windows RegistryBooster
laufen lassen. Habe jetzt noch 283 Viren in der Registry,
heisst, die Infizierung ist sehr hoch.

Mein Laptop läuft momentan allerding relativ normal...

OTL.exe und malwarebytes kommt gleich.

Vorab vielen Dank
masi76

masi76 27.10.2010 07:29
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sysfla deleted successfully.
C:\Users\Markus\AppData\Roaming\Adobe\Update\gdiapi.exe moved successfully.
D:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e2e3c44-43a2-11df-b033-806e6f6e6963}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4e2e3c77-43a2-11df-b033-0016d4b897a9}\ not found.
File F:\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 6284716 bytes
->Temporary Internet Files folder emptied: 1757553 bytes
->Java cache emptied: 4010929 bytes
->FireFox cache emptied: 92494794 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13521604 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2122927 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 115.00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10272010_081522

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

masi76 27.10.2010 07:54
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4962

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

27/10/2010 08:52:44
mbam-log-2010-10-27 (08-52-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140652
Laufzeit: 17 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Swisstreasure 27.10.2010 11:28
Zitat:
habe soeben noch den Scan von Windows RegistryBooster
laufen lassen. Habe jetzt noch 283 Viren in der Registry,
heisst, die Infizierung ist sehr hoch.
Mache bitte NUR Das was ich schreibe. Ich habe dies ausdrücklich im ersten Post geschrieben!!
Zitat:
# Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
# Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

masi76 27.10.2010 16:53
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 03:42:42
# local_time=2010-10-27 05:42:42 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 428077 428077 0 0
# compatibility_mode=1024 16777215 100 0 75847330 75847330 0 0
# compatibility_mode=1797 16775165 100 100 514405 63703884 20827 0
# compatibility_mode=5892 16776573 100 100 29490 125721305 0 0
# compatibility_mode=8192 67108863 100 0 681 681 0 0
# scanned=133035
# found=0
# cleaned=0
# scan_time=5585

masi76 27.10.2010 17:35
Code:
OTL logfile created on: 27/10/2010 18:22:39 - Run 4
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 313.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 29.58 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/15 09:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/15 13:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 07:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/06 06:52:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 09:40:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 09:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 06:52:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 09:40:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 13:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/08 06:13:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/16 12:40:58 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/06/10 09:40:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 08:59:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 16:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 08:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 12:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 12:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 16:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 01:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 19:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 19:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 07:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 07:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 07:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 19:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/10/27 08:47:22 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 07:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 19:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 22:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 23:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 23:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 23:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 23:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 23:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ActiveX Cache Browser] c:\users\markus\appdata\roaming\TrusteerHelp\spuninst.exe File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/10/27 15:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 08:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/27 07:46:47 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Uniblue
[2010/10/27 07:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/10/21 18:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 18:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/21 18:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/21 18:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 18:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 07:32:18 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\CCleaner
[2010/10/19 09:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 09:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/12 10:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/15 06:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/14 10:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/14 10:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/14 06:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/14 06:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/14 06:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 20:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010/10/27 18:25:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/10/27 18:21:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/10/27 18:05:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 17:21:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 17:21:25 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/27 14:46:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 14:46:25 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/10/27 14:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/27 13:20:59 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/27 13:20:56 | 601,630,694 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/27 08:16:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/27 07:46:38 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/10/27 07:46:37 | 000,000,913 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/10/22 17:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 17:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 17:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/21 18:01:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 07:32:23 | 000,000,598 | ---- | M] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010/10/20 07:18:38 | 000,030,259 | ---- | M] () -- C:\Users\Markus\Desktop\hjtscanlist.bat
[2010/10/15 03:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/16 14:11:12 | 000,609,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/16 14:11:12 | 000,107,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/15 06:02:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 06:01:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010/10/27 13:20:56 | 601,630,694 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/27 07:47:00 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010/10/27 07:46:38 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010/10/27 07:46:37 | 000,000,913 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\RegistryBooster.lnk
[2010/10/22 17:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 17:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 17:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/10/21 18:01:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 07:32:23 | 000,000,598 | ---- | C] () -- C:\Users\Markus\Desktop\CCleaner.lnk
[2010/09/15 06:02:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 06:01:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/08/07 23:41:45 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/19 20:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 20:45:13 | 000,087,608 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\inst.exe
[2010/05/19 20:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 20:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 15:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 15:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 04:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 18:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 20:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 02:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 15:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 22:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 19:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 11:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 13:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 12:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 13:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 11:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 11:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 11:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 09:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 09:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 11:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 07:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 12:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 09:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/10/22 14:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/10/27 07:46:48 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Uniblue
[2010/05/19 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/10/27 14:46:25 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010/10/27 08:17:03 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/27 18:25:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/10/27 18:21:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/05/31 12:24:09 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/10/14 17:36:32 | 000,011,898 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/10/27 13:20:59 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/01 10:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
[2008/02/25 22:11:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/25 22:11:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/10/27 13:20:57 | 1377,177,600 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006/11/02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/13 14:50:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 23:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 12:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/19 09:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2002/02/19 19:38:15 | 000,077,824 | ---- | M] (Lexmark International) -- C:\Windows\System32\spool\prtprocs\w32x86\LXAXPP5C.DLL
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/10/14 22:56:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 13:41:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 13:41:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 05:58:31

< End of report >

Swisstreasure 28.10.2010 14:04
Bestehen noch Probleme?

masi76 28.10.2010 14:12
Hallo swiss,

sieht wieder sehr gut aus!

Hier für erst mal ein grosses Danke schön!!!

:daumenhoc

Eine abschliessende Frage hätte ich noch,
wenn ich mein Laptop hochfahre, sobald
mir mein Desktop mit den icons angezeigt
wird, kommt seit dieser Virusgeschichte
auch eine Meldung aus der Taskleiste
unten am Bildschirmrand "windows has blocked
starup programs...".

Habe ein bisschen Sorgen, dass sich da auch
noch etwas im Windows Defender eingeschlichen
hat.

Kann das denn sein?

Gruss
masi76

Swisstreasure 28.10.2010 18:34
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

masi76 29.10.2010 07:21
Habe exakt wie von Dir vorgegeben die ComboFix entsprechend auf dem
Desktop gespeichert. Mein AntivirAvira vorübergehend auch deaktiviert,
allerdings meldet mir ComboFix, dass anscheinend eine Spyware/Antivirussystem
"Norton Internet Security" noch aktiviert sei. Habe dieses Programm
aber gar nicht bei "install/deinstall programs" bei mir auf dem Rechner gefunden...

Habe daher gar nicht erst weiter gemacht, da auch von ComboFix vor Systemschäden
etc. gewarnt wurde.

Hast Du noch eine Idee?

Gruss masi76

Swisstreasure 29.10.2010 13:37
Führe den Norton Remover aus.

masi76 29.10.2010 19:04
Ausgeführt.

Mal sehen...

masi76 29.10.2010 19:14
Darf ich jetzt nochmal die ComboFix laufen lassen?

Swisstreasure 29.10.2010 21:38
Genau :) Jetzt sollte es klappen.

masi76 30.10.2010 07:51
Code:
ComboFix 10-10-28.02 - Markus 30/10/2010  7:22.2.1 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.44.1033.18.1013.220 [GMT 2:00]
Running from: c:\users\Markus\Desktop\Combo-Fix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Markus\AppData\Roaming\inst.exe
c:\windows\system32\zip32.dll

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS


(((((((((((((((((((((((((  Files Created from 2010-09-28 to 2010-10-30  )))))))))))))))))))))))))))))))
.

2010-10-30 05:52 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8818B49-6A35-4860-B966-C0E6C66E4440}\mpengine.dll
2010-10-30 05:40 . 2010-10-30 05:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-10-27 13:58 . 2010-10-27 13:58        --------        d-----w-        c:\program files\ESET
2010-10-27 06:15 . 2010-10-27 06:15        --------        d-----w-        C:\_OTL
2010-10-27 05:57 . 2010-08-26 16:34        1696256        ----a-w-        c:\windows\system32\gameux.dll
2010-10-27 05:56 . 2010-08-26 16:33        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-10-27 05:56 . 2010-08-26 14:23        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-21 16:02 . 2010-10-21 16:02        --------        d-----w-        c:\users\Markus\AppData\Roaming\Malwarebytes
2010-10-21 16:01 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 16:01 . 2010-10-21 16:01        --------        d-----w-        c:\programdata\Malwarebytes
2010-10-21 16:01 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-10-21 16:01 . 2010-10-21 16:01        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-10-19 07:51 . 2010-10-22 15:15        --------        d-----w-        c:\program files\trend micro
2010-10-19 07:51 . 2010-10-19 07:52        --------        d-----w-        C:\rsit
2010-10-14 23:05 . 2010-09-13 13:56        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 23:05 . 2010-09-13 13:56        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2010-10-14 23:03 . 2010-09-06 16:20        125952        ----a-w-        c:\windows\system32\srvsvc.dll
2010-10-14 23:03 . 2010-09-06 13:45        304128        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-10-14 23:03 . 2010-09-06 13:45        145408        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-10-14 23:03 . 2010-09-06 13:45        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-10-14 23:03 . 2010-09-06 16:19        17920        ----a-w-        c:\windows\system32\netevent.dll
2010-10-14 23:01 . 2010-08-10 15:53        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-10-14 23:01 . 2010-06-28 17:00        1316864        ----a-w-        c:\windows\system32\ole32.dll
2010-10-14 23:01 . 2010-06-28 14:54        339968        ----a-w-        c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 23:01 . 2010-08-31 15:46        954752        ----a-w-        c:\windows\system32\mfc40.dll
2010-10-14 23:01 . 2010-08-31 15:46        954288        ----a-w-        c:\windows\system32\mfc40u.dll
2010-10-14 22:51 . 2010-08-31 13:27        2038272        ----a-w-        c:\windows\system32\win32k.sys
2010-10-14 22:51 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll
2010-10-14 22:51 . 2010-08-20 16:05        867328        ----a-w-        c:\windows\system32\wmpmde.dll
2010-10-14 22:51 . 2010-08-31 15:44        531968        ----a-w-        c:\windows\system32\comctl32.dll
2010-10-12 08:28 . 2010-10-22 12:04        --------        d-----w-        c:\users\Markus\AppData\Roaming\TrusteerHelp

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 22:27        222080        ------w-        c:\windows\system32\MpSigStub.exe
2010-08-26 16:33 . 2010-10-27 05:56        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 05:57        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 05:56        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 05:56        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-16 04:36        128000        ----a-w-        c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-31 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9deaa14fed3cc;Google Update Service (gupdate1c9deaa14fed3cc);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 133104]
R3 iatmunin;iatmunin;c:\users\Pim\AppData\Local\Temp\iatmunin.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 09:02]

2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]

2010-10-30 c:\windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mSearchMigratedDefaultURL = hxxp://www.Google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-ActiveX Cache Browser - c:\users\markus\appdata\roaming\TrusteerHelp\spuninst.exe
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
HKU-Default-Run-brastk - c:\windows\system32\brastk.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-30 07:46
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-10-30  08:11:36 - machine was rebooted
ComboFix-quarantined-files.txt  2010-10-30 06:11
ComboFix2.txt  2008-10-14 15:36

Pre-Run: 30,869,000,192 bytes free
Post-Run: 31,380,422,656 bytes free

- - End Of File - - EC72E75413EA4EDA8470A6D230D6BFBF

masi76 30.10.2010 07:53
Hat anscheinend alles soweit funktioniert. Das Icon in der unteren Taskleiste ist
bis jetzt immer noch da und die Meldung "Windows has blocked..." erscheint auch
noch beim Hochfahren des Laptops.

Gruss masi76

Swisstreasure 30.10.2010 15:43
  • Dowloade Dir bitte TDSS Killer.zip und speichere es am Desktop.
  • Extrahiere den Inhalt der Datei auf deinem Desktop.
    Gehe sicher das die TDSSKiller.exe am Desktop ist. Nicht in einem Ordner.
    • Schließe alle laufenden Programme.
    • Trenne dich von Internet.
    • Deaktiviere deine AntiViren Software.
  • Starte TDSSkiller.exe mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Drücke auf Start scan.
  • Sollte die Meldung "Hidden service detected" schreiben keinesfalls irgendetwas hinein..Drücke nur ENTER !!!
  • Wenn das Tool fertig ist, poppt ein Fenster mit den Funden auf.
    Dieses bitte einfach schließen.
  • Nun auf Report klicken.
  • Bitte poste mir den Inhalt hier in deinen Thread.
    (auch zu finden unter C:\TDSSKiller<time_date>.txt)

masi76 31.10.2010 02:02
Laut TDSS-Killer hat der Scan nix gefunden...
Aber schau Dir das Logfile selbst an.

masi76 31.10.2010 02:02
Code:
2010/10/31 02:55:01.0126        TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/31 02:55:01.0126        ================================================================================
2010/10/31 02:55:01.0126        SystemInfo:
2010/10/31 02:55:01.0126       
2010/10/31 02:55:01.0126        OS Version: 6.0.6002 ServicePack: 2.0
2010/10/31 02:55:01.0126        Product type: Workstation
2010/10/31 02:55:01.0126        ComputerName: PIM-PC
2010/10/31 02:55:01.0126        UserName: Markus
2010/10/31 02:55:01.0126        Windows directory: C:\Windows
2010/10/31 02:55:01.0126        System windows directory: C:\Windows
2010/10/31 02:55:01.0126        Processor architecture: Intel x86
2010/10/31 02:55:01.0126        Number of processors: 1
2010/10/31 02:55:01.0126        Page size: 0x1000
2010/10/31 02:55:01.0126        Boot type: Normal boot
2010/10/31 02:55:01.0126        ================================================================================
2010/10/31 02:55:02.0015        Initialize success
2010/10/31 02:55:08.0895        ================================================================================
2010/10/31 02:55:08.0895        Scan started
2010/10/31 02:55:08.0895        Mode: Manual;
2010/10/31 02:55:08.0895        ================================================================================
2010/10/31 02:55:11.0484        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/10/31 02:55:11.0687        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/10/31 02:55:11.0827        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/10/31 02:55:11.0983        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/10/31 02:55:12.0077        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/10/31 02:55:12.0280        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/10/31 02:55:12.0436        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/10/31 02:55:12.0592        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/10/31 02:55:12.0717        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/10/31 02:55:12.0841        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/10/31 02:55:12.0951        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/10/31 02:55:13.0060        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/10/31 02:55:13.0231        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/10/31 02:55:13.0606        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/10/31 02:55:13.0746        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/10/31 02:55:13.0918        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/10/31 02:55:14.0027        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/10/31 02:55:14.0199        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/10/31 02:55:14.0417        avgntflt        (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/10/31 02:55:14.0589        avipbb          (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
2010/10/31 02:55:14.0776        BCM43XV        (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/31 02:55:14.0901        BCM43XX        (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
2010/10/31 02:55:15.0057        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/10/31 02:55:15.0337        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/10/31 02:55:15.0462        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/10/31 02:55:15.0556        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/10/31 02:55:15.0712        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/10/31 02:55:15.0821        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/10/31 02:55:15.0930        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/10/31 02:55:15.0993        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/10/31 02:55:16.0117        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/10/31 02:55:16.0242        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/10/31 02:55:16.0383        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/10/31 02:55:16.0507        BTHPORT        (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/10/31 02:55:16.0679        BTHUSB          (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/10/31 02:55:16.0929        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/10/31 02:55:17.0038        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/10/31 02:55:17.0241        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/10/31 02:55:17.0365        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/10/31 02:55:17.0553        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/10/31 02:55:17.0662        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/10/31 02:55:17.0787        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/10/31 02:55:17.0896        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/10/31 02:55:18.0005        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/10/31 02:55:18.0239        DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/10/31 02:55:18.0442        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/10/31 02:55:18.0676        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/10/31 02:55:18.0801        DXGKrnl        (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/10/31 02:55:18.0957        E100B          (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
2010/10/31 02:55:19.0128        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/10/31 02:55:19.0347        eabfiltr        (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
2010/10/31 02:55:19.0534        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/10/31 02:55:19.0752        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/10/31 02:55:20.0049        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/10/31 02:55:20.0142        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/10/31 02:55:20.0220        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/10/31 02:55:20.0392        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/10/31 02:55:20.0485        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/10/31 02:55:20.0563        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/10/31 02:55:20.0688        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/10/31 02:55:20.0891        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/10/31 02:55:21.0031        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/10/31 02:55:21.0156        GEARAspiWDM    (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2010/10/31 02:55:21.0343        HBtnKey        (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2010/10/31 02:55:21.0468        HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
2010/10/31 02:55:21.0640        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/10/31 02:55:21.0749        HidBth          (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
2010/10/31 02:55:21.0858        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/10/31 02:55:22.0014        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/10/31 02:55:22.0170        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/10/31 02:55:22.0342        HSFHWAZL        (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2010/10/31 02:55:22.0482        HSF_DPV        (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2010/10/31 02:55:22.0638        HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2010/10/31 02:55:22.0763        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/10/31 02:55:22.0903        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/10/31 02:55:23.0044        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/10/31 02:55:23.0309        ialm            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/31 02:55:23.0496        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/10/31 02:55:23.0824        igfx            (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/10/31 02:55:23.0917        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/10/31 02:55:24.0089        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/10/31 02:55:24.0167        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/10/31 02:55:24.0292        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/10/31 02:55:24.0495        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/10/31 02:55:24.0619        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/10/31 02:55:24.0744        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/10/31 02:55:24.0853        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/10/31 02:55:24.0994        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/10/31 02:55:25.0072        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/10/31 02:55:25.0150        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/10/31 02:55:25.0243        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/10/31 02:55:25.0353        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/10/31 02:55:25.0493        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/10/31 02:55:25.0743        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/10/31 02:55:25.0899        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/10/31 02:55:25.0992        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/10/31 02:55:26.0101        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/10/31 02:55:26.0195        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/10/31 02:55:26.0304        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2010/10/31 02:55:26.0398        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/10/31 02:55:26.0491        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/10/31 02:55:26.0632        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/10/31 02:55:26.0725        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/10/31 02:55:26.0803        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/10/31 02:55:26.0928        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/10/31 02:55:27.0069        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/10/31 02:55:27.0209        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/10/31 02:55:27.0349        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/10/31 02:55:27.0474        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/10/31 02:55:27.0568        mrxsmb          (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/10/31 02:55:27.0693        mrxsmb10        (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/10/31 02:55:27.0786        mrxsmb20        (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/10/31 02:55:27.0958        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/10/31 02:55:28.0051        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/10/31 02:55:28.0239        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/10/31 02:55:28.0332        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/10/31 02:55:28.0504        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/10/31 02:55:28.0613        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/10/31 02:55:28.0675        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/10/31 02:55:28.0785        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/10/31 02:55:28.0894        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/10/31 02:55:28.0987        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/10/31 02:55:29.0050        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/10/31 02:55:29.0221        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/10/31 02:55:29.0377        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/10/31 02:55:29.0518        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/10/31 02:55:29.0643        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/10/31 02:55:29.0830        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/10/31 02:55:29.0970        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/10/31 02:55:30.0095        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/10/31 02:55:30.0173        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/31 02:55:30.0329        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/10/31 02:55:30.0469        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/10/31 02:55:30.0610        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/31 02:55:30.0750        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/10/31 02:55:30.0875        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/10/31 02:55:31.0031        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/10/31 02:55:31.0125        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/10/31 02:55:31.0203        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/10/31 02:55:31.0327        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/10/31 02:55:31.0593        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/10/31 02:55:31.0827        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/10/31 02:55:31.0920        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/10/31 02:55:31.0998        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/10/31 02:55:32.0123        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2010/10/31 02:55:32.0248        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/10/31 02:55:32.0310        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/10/31 02:55:32.0419        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/10/31 02:55:32.0529        pcouffin        (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/10/31 02:55:32.0731        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/10/31 02:55:33.0168        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/31 02:55:33.0324        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/10/31 02:55:33.0527        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/31 02:55:33.0621        PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2010/10/31 02:55:33.0777        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/10/31 02:55:33.0886        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/10/31 02:55:34.0026        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/31 02:55:34.0151        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/31 02:55:34.0291        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/31 02:55:34.0432        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/31 02:55:34.0494        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/31 02:55:34.0635        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/31 02:55:34.0759        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/31 02:55:34.0869        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/10/31 02:55:35.0009        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/31 02:55:35.0118        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/10/31 02:55:35.0290        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/10/31 02:55:35.0493        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/31 02:55:35.0602        RTL8023xp      (dda0d5842335e78e375e96c308858a61) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2010/10/31 02:55:35.0695        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/10/31 02:55:35.0883        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/10/31 02:55:36.0023        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/10/31 02:55:36.0117        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/10/31 02:55:36.0226        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/10/31 02:55:36.0413        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/10/31 02:55:36.0507        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/10/31 02:55:36.0600        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/10/31 02:55:36.0678        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/10/31 02:55:36.0819        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/10/31 02:55:36.0912        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/10/31 02:55:36.0990        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/10/31 02:55:37.0162        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/10/31 02:55:37.0333        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/10/31 02:55:37.0489        srv            (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/31 02:55:37.0567        srv2            (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/31 02:55:37.0661        srvnet          (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/31 02:55:37.0786        ssmdrv          (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/10/31 02:55:37.0879        StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
2010/10/31 02:55:38.0020        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/31 02:55:38.0129        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/10/31 02:55:38.0223        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/10/31 02:55:38.0316        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/10/31 02:55:38.0441        SynTP          (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys
2010/10/31 02:55:38.0706        Tcpip          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/10/31 02:55:38.0893        Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/31 02:55:38.0987        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/31 02:55:39.0096        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/10/31 02:55:39.0174        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/10/31 02:55:39.0283        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/31 02:55:39.0377        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/31 02:55:39.0642        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/31 02:55:39.0783        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/10/31 02:55:39.0939        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/31 02:55:40.0063        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/10/31 02:55:40.0204        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/31 02:55:40.0422        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/10/31 02:55:40.0531        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/10/31 02:55:40.0672        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/10/31 02:55:40.0781        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/10/31 02:55:40.0906        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/31 02:55:41.0389        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/10/31 02:55:41.0530        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/31 02:55:41.0655        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/10/31 02:55:41.0826        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/31 02:55:41.0982        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/31 02:55:42.0138        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/10/31 02:55:42.0263        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/31 02:55:42.0466        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/31 02:55:42.0653        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/31 02:55:42.0809        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/31 02:55:43.0059        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/31 02:55:43.0199        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/10/31 02:55:43.0371        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/10/31 02:55:43.0464        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/10/31 02:55:43.0589        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/10/31 02:55:43.0714        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/10/31 02:55:43.0854        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/10/31 02:55:44.0010        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/10/31 02:55:44.0151        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/10/31 02:55:44.0353        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/10/31 02:55:44.0525        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/31 02:55:44.0603        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/31 02:55:44.0790        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/10/31 02:55:44.0946        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/31 02:55:45.0352        winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2010/10/31 02:55:45.0742        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/31 02:55:46.0038        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/10/31 02:55:46.0288        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/31 02:55:46.0584        XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2010/10/31 02:55:46.0943        ================================================================================
2010/10/31 02:55:46.0943        Scan finished
2010/10/31 02:55:46.0943        ================================================================================

Swisstreasure 31.10.2010 21:16
Mach einmal ein Screenshot von diesem ICON.

masi76 02.11.2010 07:56
Liste der Anhänge anzeigen (Anzahl: 1)
Hier der screenshot. Hoffe es hilft weiter.

Swisstreasure 02.11.2010 13:27
Ich meine nicht dieses :)

Ich meine das was Du hier erwähnst:
Zitat:
Das Icon in der unteren Taskleiste ist
bis jetzt immer noch da und die Meldung "Windows has blocked..." erscheint auch
noch beim Hochfahren des Laptops.

masi76 02.11.2010 15:34
Sorry, habe ich falsch verstaden...

masi76 02.11.2010 15:41
Liste der Anhänge anzeigen (Anzahl: 1)
.......................................

masi76 02.11.2010 15:43
Ich hoffe, es ist halbwegs sichtbar.
Das vierte icon von links ist der "Übeltäter"!

Swisstreasure 02.11.2010 18:00
Dann klick einmal an und sage mir welches Programm das geblockt wird :)
Das ist eine offizielle Meldung von Windows.

masi76 02.11.2010 19:19
Hab Dir der Einfachheit halber nochmal einen Screenshot gemacht.
Hilft das?

masi76 02.11.2010 19:21
Liste der Anhänge anzeigen (Anzahl: 1)
............................

Swisstreasure 02.11.2010 19:22
Und dieses Programm wird geblockt?

masi76 03.11.2010 06:11
Das zeigt es mir an, wenn ich auf das icon klicke.
Welches startup-Programm genau geblockt wird,
weiss ich nicht. Es dauert auf jeden Fall immer recht
lange bis alle icons auf dem Desktop angezeigt werden.
Wie gesagt, dieses icon bzw. diese Meldung hatte ich bis vor ein paar
Wochen noch nicht auf der Taskleiste und mein Rechner
fuhr auf jeden Fall wesentlich schneller hoch.

Swisstreasure 06.11.2010 20:19
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

masi76 07.11.2010 08:21
Code:
OTL logfile created on: 07/11/2010 07:52:32 - Run 5
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 30.03 Gb Free Space | 43.27% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 06:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/06 05:52:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 08:40:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 05:52:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 08:40:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/08 05:13:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 08:40:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 07:59:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/07 07:50:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 06:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 22:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 22:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 22:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 22:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 22:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/30 06:17:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 06:17:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 06:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/29 07:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 07:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/26 10:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/21 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 17:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/21 17:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/21 17:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 08:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/12 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/15 05:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/14 09:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/14 09:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/14 05:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010/11/07 07:56:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/11/07 07:55:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/07 07:36:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 07:36:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 07:36:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/07 07:33:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/07 07:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/07 07:32:34 | 1061,310,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:42:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/06 10:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/04 05:23:06 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/04 05:23:06 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 19:16:49 | 000,113,912 | ---- | M] () -- C:\Users\Markus\Desktop\Capture_blocked.JPG
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/31 01:52:36 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 06:50:14 | 003,886,271 | R--- | M] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/28 12:18:38 | 464,742,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 16:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/21 17:01:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 02:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/15 05:02:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010/11/02 19:16:48 | 000,113,912 | ---- | C] () -- C:\Users\Markus\Desktop\Capture_blocked.JPG
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 06:17:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 06:17:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 06:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 06:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 06:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 06:59:48 | 003,886,271 | R--- | C] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/27 12:20:56 | 464,742,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/10/21 17:01:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 05:02:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/06 10:42:50 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/07 07:55:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/07 07:56:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/05/31 11:24:09 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/30 07:11:46 | 000,012,903 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/07 07:32:34 | 1061,310,464 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/01 09:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/07 07:32:32 | 1377,177,600 | -HS- | M] () -- C:\pagefile.sys
[2010/10/31 02:03:02 | 000,058,696 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_31.10.2010_02.55.01_log.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/13 13:50:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2002/02/19 18:38:15 | 000,077,824 | ---- | M] (Lexmark International) -- C:\Windows\System32\spool\prtprocs\w32x86\LXAXPP5C.DLL
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/10/14 21:56:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 12:41:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 12:41:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-06 01:46:10

< End of report >

Swisstreasure 07.11.2010 11:26
Schritt 1
Code:
:OTL
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Es sollte doch anzeigen bei Windows Defender, welches Programm das geblockt wird wenn Du unten auf das Icon klickst??

masi76 08.11.2010 08:20
Das Icon und die Meldung ist weg!!!
Weiss der liebe Gott warum...
Die letzte Anweisung von Dir habe ich allerdings
aufgrund dessen (noch) nicht ausgeführt.

Soll ich den letzten Scan trotzdem noch laufen lassen?

Swisstreasure 08.11.2010 13:55
Ja, mach noch Schritt 1 und melde Dich wieder.

masi76 09.11.2010 07:58
Code:
OTL logfile created on: 09/11/2010 07:43:41 - Run 6
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 29.38 Gb Free Space | 42.33% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/31 06:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/08 08:27:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 06:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 22:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 22:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 22:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 22:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 22:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/11/08 08:11:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/08 08:11:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/30 06:17:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 06:17:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 06:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/29 07:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 07:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/26 10:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/21 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 17:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 08:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/12 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/15 05:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/14 09:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/14 09:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/14 05:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010/11/09 07:51:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/11/09 07:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/09 07:29:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/09 07:28:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 07:28:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 07:26:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 07:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 07:25:35 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 08:50:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/08 08:05:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/04 05:23:06 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/04 05:23:06 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/31 01:52:36 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 06:50:14 | 003,886,271 | R--- | M] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/28 12:18:38 | 464,742,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 16:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/15 02:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/15 05:02:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 06:17:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 06:17:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 06:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 06:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 06:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 06:59:48 | 003,886,271 | R--- | C] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/27 12:20:56 | 464,742,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/09/15 05:02:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/08 08:50:43 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/09 07:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/09 07:51:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< [2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp >
Invalid Switch: 22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp

 
< :Commands >
 
< [purity] >
 
< [emptytemp] >

< End of report >

Swisstreasure 09.11.2010 18:50
Ich meine Schritt 1 von hier:
http://www.trojaner-board.de/92133-t...tml#post586547

masi76 11.11.2010 07:58
Code:
All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
 
OTL by OldTimer - Version 3.2.15.2 log created on 11112010_065918
C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 1031077 bytes
->Java cache emptied: 0 bytes
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\OfflineCache\index.sqlite deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0280F289d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0488B66Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\062A84B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\062AB4B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\08E1BC5Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0F15FF8Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0FA46AE2d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\10C34EA5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\11B95BAAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1511B99Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\17B17765d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\184A15D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\189E75D9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\18D984B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\18E93DEBd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1B2A349Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1B89006Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1F155A4Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1F3F8498d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1FE7BF21d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2075CC0Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\21ADE3C5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\22525B7Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\227B9801d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\23EF3630d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\25EA35EEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\25F230F9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\278B7103d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\27FFF46Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2E273A9Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2E3632ECd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2EFDB795d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2EFF529Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2F739EE6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\301E0BD7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\30D0D470d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\30DFEF9Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\338FF34Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\339505AFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\339C1717d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\35756E2Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\37D183C8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3A2FAD99d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3AD505B9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C5C81F6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C905514d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C915514d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3F5E8EB4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4025678Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\40A875B7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\416C837Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\45834DD6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4B033C41d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4B133C41d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4CDA57E1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4D6E55DDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4EB0706Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4F308F1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4F70B338d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5056C3F8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\505B02F8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\508703F1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\524EB992d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5310D5C9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\535C1CC9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\53E27A1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\554393EBd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\55FB3B39d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\560D8FBAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\58645E84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5AFC0EB6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5BBA4351d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C0EBA1Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C26777Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C48817Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5D357386d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5E4F75ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5ED92CDFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5FDFA042d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6042D8BCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\62DBE3E8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\63AFC4D1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\66FDCEB5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\69BA3907d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\69BF4F55d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6BF87EA4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6D3BF464d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6DB20F0Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6E6CC879d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6F6BA31Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7326866Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\749E3F22d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\75B86F60d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\760D46D5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\78C9B5A8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7A703A2Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7A8898CFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7B848F1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7D9869B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7F0F1EB4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\86A5FFC4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\875D34AAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\882F3FF5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\884D45BEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\89767679d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8AFBFA84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8C27DF72d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8DBC798Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8FDD8F91d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\94FCD89Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\96B92F6Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\98E56B62d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\99F476B0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9A7C849Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9B2774F0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9B3D05A2d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9E1CD59Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9F1DB49Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9FDD8F91d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A02997EDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A1CB5E72d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5183CD7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5F8D8CFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5F8D9D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A6B47BE4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A6F8D9E8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A8E3D7CEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A90CF727d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A94BB4AEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A955D79Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A95E15DAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A96A3499d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A9AF4433d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AA524C25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AAB565AEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AD1AEC07d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\ADBD1C25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B2A7A991d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B5A4D9EEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B6802F51d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B6872F51d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B7159CF9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B7D46C45d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B8988753d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B89DFDCCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BA9D6396d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB00D89Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB294354d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB4BFC62d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BC094E25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BEF8758Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BF372646d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C0BCFD38d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FBD8B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FCF355d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FDD8D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C39C0EF5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C4144D86d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C5965A36d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C600B4AAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C6FBD8C8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C7BD1CE7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C7FCD8ADd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C85EE635d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C8D7D47Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CB71849Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CCAE1306d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CCED6D63d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D0F0B546d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D0FA1BB8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D1AB405Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D2351224d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D2F905DFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D3E5759Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D4F23553d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D56D7587d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D78FB782d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D7BADC79d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D82863CCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D8C25CEDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D8E56317d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D95CB4B9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D9ACF216d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D9E525ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DA3BE8A5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DB410FF0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DBCE3481d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DD92F652d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DE6B55B7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DF50443Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DF5FE4D5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1697573d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E194230Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1A0DF7Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1AF2963d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1D3F865d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E2F1DB1Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E4552F76d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E4C75C88d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E63FF8C3d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E80A3F99d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E81E0956d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8323498d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8EC5CDCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8F13960d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\EA9505ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\EDC54DECd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F44AA604d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F629349Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7F258E4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7F7EE84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7FD1814d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F8278F19d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F8885AE8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F99B4080d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F9B15C22d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA138A18d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA395767d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA3BDF89d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA3FCDA1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FBDAB490d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FD4D8972d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FE46C49Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FE952177d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_001_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_002_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_003_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\urlclassifier3.sqlite deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\XPC.mfl deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 99137797 bytes
->Google Chrome cache emptied: 0 bytes
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#xt-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wwwstatic.megavideo.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www8.agame.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www1.belboon.de\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tubethumbs.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tnaflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.sexbot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.naiadsystems.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.moviefap.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.maturetubelust.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.fux.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.foxytube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.empflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.drtuber.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.badjojo.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.amod.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.amateurboobtube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.alphaporno.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vidii.hardsextube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video-one.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.movad.de\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubeko.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#thumbs.deviantclip.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#t8-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#staticloads.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youporn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xvideos.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xhamster.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#skyload.net\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.hotpornshow.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pr-cdn-c.tnaflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pr-cdn-c.empflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ph-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#members.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.shufuni.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#km-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imgx.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img1.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.ads.whaleads.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.duckload.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#doug1izaerwt3.cloudfront.net\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.image.freeporn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-www.extremetube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#casino.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.tgpsitecentral.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#archiv.to\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#213.174.142.210\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\xt-static.phncdn.com\flash\player_embed.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\wwwstatic.megavideo.com\megavideouser.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\wwwstatic.megavideo.com\usersettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www8.agame.com\mirror\flash\s\StreetWheels2.swf\FlashGamesStudio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www8.agame.com\mirror\flash\b\billiard_blitz_2\billiard_blitz_2_spielen_com.swf\bb2data.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www1.belboon.de\flash.swf\000001209.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.tubethumbs.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.tnaflix.com\embedding_player\player_v0.2.1.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.naiadsystems.com\#naiad\pure.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.moviefap.com\embedding_player\player_v0.2.1.swf\flixstream_volume.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.maturetubelust.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.fux.com\players\FuxStream\Plugins\postroll-v2.swf\fux-postroll-advertising-rotation.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.fux.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.foxytube.com\player\player_v2_full.swf\savedVol.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.empflix.com\embedding_player\player_v0.2.1.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.badjojo.com\xmoov_flv\player\videoplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.amod.com\analytics.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.alphaporno.com\#kernelteam\preferences.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\vidii.hardsextube.com\cdnvidii.swf\FlvPlayerSettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\video-one.com\flowplayer\flowplayer-3.1.5.swf\org.flowplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\v.movad.de\c\101786\3c2f9539055ca20c4e73cd46a59ba7f0.swf\movad.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\tubeko.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\thumbs.deviantclip.com\static\player\flowplayer.commercial-3.1.5.swf\org.flowplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\t8-static.phncdn.com\swf\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\staticloads.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.youporn.com\com.etology.flvplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerPopUpCookieEmbed.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xhamster.com\com.jeroenwijerin.players.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.awempire.com\flash\custom-freechat\freechat141.swf\jasminmember01.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.awempire.com\flash\custom-freechat\freechat141.swf\jasmin_versio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\skyload.net\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.ytimg.com\soundData.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.ytimg.com\videostats.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.hotpornshow.com\com.jeroenwijering.players.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.55.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.54.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.53.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\ck_tnaflix.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.empflix.com\player_v0.3.53.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.empflix.com\ck_empflix.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\player_v1.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\embed_player_v1.3.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\mochibot.com\com.mochibot.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\members.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\media1.shufuni.com\Static\Flash\Players\flvplayer_0226.swf\shuf_player.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\km-static.phncdn.com\flash\player_old.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\km-static.phncdn.com\flash\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\imgx.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img1.livejasmin.com\flash\cdnrouter.swf\lj_router.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\flash\memberchat251.swf\jasminmember01.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\flash\memberchat251.swf\jasmin_versio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\images.ads.whaleads.com\www\images\629f1f29e94310483675ffd09dc555ee.swf\F.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\flash.duckload.com\video\duckloadplayer.swf\playerSettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\doug1izaerwt3.cloudfront.net\3c03f5f3d762539cb59529f12fb4142f54cfc642.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\core.mochibot.com\com.mochibot.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\cdn1.image.freeporn.com\swf\player\guestplayer.swf\videoplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\cdn-www.extremetube.com\flash\player_embed.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\casino.com\core\EMERPECp\flash_object_81.swf\emerp.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\archiv.to\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\213.174.142.210\com.jeroenwijering.sol deleted successfully.
->Flash cache emptied: 12005 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3244458 bytes
RecycleBin emptied: 113912 bytes
 
Total Files Cleaned = 104.00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 11112010_065905

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003E13AEEBCEC5F4E0CD not found!

Registry entries deleted on Reboot...

Swisstreasure 11.11.2010 18:53
Schritt 1

Dateien löschen

Gehe in den abgesicherten Modus (Link bitte unbedingt anklicken & lesen!) von windows

Drücke beim Hochfahren des rechners [F8] (bei win xp) solange, bis du eine auswahlmöglichkeit hast.
Wähle hier:Abgesicherter Modus mit Netzwerktreibern

Dann lösche folgenden Ordner im Explorer:
Zitat:
C:\Users\Markus\AppData\Roaming\TrusteerHelp
Schritt 2

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

masi76 12.11.2010 08:08
Laut Explorer gibt es keinen Ordner:

"C:\Users\Markus\AppData\Roaming\TrusteerHelp".

Kann dass denn sein...???

Wenn ich den Pfad "C:\Users\Markus\" bis hier her gehe,
dann finde ich auch kein "AppData". Lediglich wenn ich
über Programms suchen gehe, dann findet er den Weg
weiter über "AppData\Roaming\".

Von "TrusteerHelp" ist nix zu finden.

Ich glaub manchmal bin ich zu blöd...:headbang:

Swisstreasure 12.11.2010 13:29
Scan mit SystemLook

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror #1 - Download Mirror #2
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
    Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

    Code:
    :dir
    C:\Users\Markus\AppData\Roaming\TrusteerHelp
  • Klicke nun auf den Button Look, um den Scan zu starten.
  • Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
  • Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

masi76 12.11.2010 15:55
Egal, ob über Spielgel 1 oder Spiegel 2, wird abgelehnt...

Was nun???

masi76 12.11.2010 16:06
Auch als Administrator hab ich keine Auswahl...

Hab das Gefühl, dass mir "uns" auf der Zielgeraden der
Sprit ausgeht...

masi76 12.11.2010 16:11
Hab Dir nochmal den Screenshot angehängt.

masi76 12.11.2010 16:11
.............................

masi76 12.11.2010 16:13
...................................

masi76 12.11.2010 16:14
Liste der Anhänge anzeigen (Anzahl: 1)
.......................

Swisstreasure 12.11.2010 16:32
Du hast ja das Programm und dort im Feld auf dem Screenshot musst Du das Script einkopieren wie in der Anleitung beschrieben.

masi76 12.11.2010 16:49
Sorry............

masi76 12.11.2010 16:49
Code:
SystemLook 04.09.10 by jpshortstuff
Log created at 16:47 on 12/11/2010 by Markus
Administrator - Elevation successful

========== dir ==========

C:\Users\Markus\AppData\Roaming\TrusteerHelp - Unable to find folder.

-= EOF =-

Swisstreasure 12.11.2010 17:59
Bitte mache nicht so viele Thread!!!

Führe Systemlook erneut aus mit diesem Script:

Zitat:
:filefind
TrusteerHelp

masi76 13.11.2010 07:33
Code:
SystemLook 04.09.10 by jpshortstuff
Log created at 07:22 on 13/11/2010 by Markus
Administrator - Elevation successful

========== filefind ==========

Searching for "TrusteerHelp "
No files found.

-= EOF =-

Swisstreasure 13.11.2010 14:36
Dürfte weg sein :)

Wie läuft es?

masi76 14.11.2010 16:46
So weit ich es beurteilen kann, läuft das
Betriebssystem wieder guuut!

In diesem Sinne, recht herzlichen Dank für Dein
Unterstützung!!!

Wo kommt denn "swiss" genau her...???

Bin demnächst in Davos...

Swisstreasure 15.11.2010 19:06
Aus dem schönen Aargau :)

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Systemwiederherstellungpunkte leeren

Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen.

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

masi76 16.11.2010 14:53
Da ich einen in England gekauften Laptop hab,
tu´ ich mich mit dem ersten Schritt schwer...

Bin ich da denn richtig...???

Hab Dir ein Screenshot gemacht...

masi76 16.11.2010 14:55
Anbei das capture

Swisstreasure 16.11.2010 17:36
Ich sehe kein Screenshot...

masi76 16.11.2010 19:38
Liste der Anhänge anzeigen (Anzahl: 1)
...........................

Swisstreasure 16.11.2010 20:00
Dort auf Disk CleanUp. Weiter sehe ich nun auch nicht :)

masi76 16.11.2010 23:23
Habe alle zuvor genannten Schritte abgearbeitet.

Jetzt weiss ich auch welches "Startup programm"
neulich geblockt wurde...

Es war "MalwareBytes Anti Malware"!!!

Dieses hatte ich damals nämlich deinstalliert und
somit war auch wahrscheinlich das icon in der unteren
Taskleiste weg.

Jetzt ist das icon wieder da, da ich nochmals das
"MalwareBytes Anti Malware" runtergeladen.

Soll ich es nun wieder deinstallieren und nur bei
Gebrauch wieder runterladen?

masi76 17.11.2010 00:33
Hhhmmm...
Schau mal, hab in der unteren taksleiste
wieder so ein besch... icon, was ich nicht
zuordnen kann (siehe screenshot).

Hört dass denn nie auf...

masi76 17.11.2010 00:47
Lässt sich im Moment leider kein screenshot / snipping machen.

Das neue icon besagt Folgendes:

Windows Security Alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other security
threats. Click here for the scan your computer. Your system might
be at risk now.

Soll ich Dir sicherheitshalber nochmal ein logfile schicken?

Hat doch bis eben alles funktioniert! Weiss der Teufel was das jetzt
wieder ist.

Swisstreasure 17.11.2010 22:30
Hast Du wieder etwas schädliches geladen??

Ich werde mich morgen wieder melden. Liege krank im Bett und mag kaum in den Bildschirm schauen :(

masi76 18.11.2010 07:13
Kein Problem.

Wünsche Dir gute Besserung.

Nicht dass ich wüsste, war lediglich bei ebay
längere Zeit auf der Seite.

Und geladen hab ich nicht wirklich etwas.

Na ja, schau´ mer mal...

Swisstreasure 18.11.2010 20:51
Na das tönt aber nicht gut....

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

masi76 19.11.2010 07:27
Wollte einen logfile mit otl.exe erstellen, wurde aber geblockt...
Heisst, ich komme erst gar nicht soweit, dass ich quick scan,
systemscan etc. anklicken kann und Dein Empfehlungen einfügen
kann.

Ich könnte gerade kotzen!

Wenn es Dir zu viel wird, dann kann ich es verstehen, dann such
ich mir ein anderes Hilfsforum.

Swisstreasure 21.11.2010 12:37
Nein, sicherlich wird es mir nich zu viel. Aber die starke Angina hat mich ins Bett geworfen.

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

masi76 22.11.2010 14:01
Leider wird auch gmer.exe während des Scans abgebrochen...

Klingt nicht gut, oder...

Swisstreasure 22.11.2010 14:33
Nein klingt es nicht..

Dann versuche einfach einmal einen Quickscan mit Malwarebytes und poste dann das Log.

masi76 22.11.2010 16:24
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5129

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

22/11/2010 16:21:24
mbam-log-2010-11-22 (16-21-24).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 145484
Laufzeit: 17 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bkmgvvyq (Rogue.AntivirusAction) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Markus\AppData\Local\Temp\qaclevdrb\gvhvcpytsbl.exe (Rogue.AntivirusAction) -> Quarantined and deleted successfully.
C:\Users\Markus\Local Settings\Application Data\syssvc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Swisstreasure 22.11.2010 16:26
Versuche jetzt nochmals mit otl.exe zu scannen.

masi76 22.11.2010 16:50
Code:
OTL logfile created on: 22/11/2010 16:32:22 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.10 Gb Free Space | 44.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iatmunin) -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 05:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/12 05:54:17 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/19 07:31:43 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2010/11/13 07:14:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/12 05:54:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/12 05:54:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/12 05:54:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/11/12 05:54:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/12 05:54:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/22 09:31:36 | 000,094,848 | ---- | C] (GMER) -- C:\uwldapow.sys
[2010/11/16 23:03:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/16 23:03:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/16 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira
[2010/11/08 08:11:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/08 08:11:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 06:57:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 06:56:58 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 06:56:57 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/22 16:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/22 16:30:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/22 16:28:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 16:28:00 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 16:27:32 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/22 16:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/22 16:25:52 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 16:24:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/22 16:05:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/22 13:22:27 | 138,622,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/22 09:31:36 | 000,094,848 | ---- | M] (GMER) -- C:\uwldapow.sys
[2010/11/22 09:13:43 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 22:40:55 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/12 08:13:50 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/10 08:31:38 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/10 08:31:37 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 08:36:09 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/09 08:36:09 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2010/11/22 09:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 08:14:30 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/12 07:57:04 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/27 12:20:56 | 138,622,950 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/22 16:24:56 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/22 16:35:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
 
========== Purity Check ==========
 
 

< End of report >

masi76 22.11.2010 16:51
Code:
OTL Extras logfile created on: 22/11/2010 16:32:22 - Run 1
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 388.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.10 Gb Free Space | 44.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{475EC59A-B91B-4911-BDC2-084239247EC3}" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\7zsd463.tmp\symnrt.exe |
"{4A12E9F4-9705-467D-8BFB-0B22B357ADB2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqsudi.exe |
"{4A3D3F83-04F6-4D95-A73A-B38767A57ADC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpsapp.exe |
"{668EEA5A-A3E8-43B9-906E-2D3684E12F54}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7F7E42EA-1882-42D3-B188-A91B6E602F6B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7FFBEACD-1835-4E2E-B204-9455A9C8C691}" = protocol=17 | dir=in | app=c:\users\markus\appdata\local\temp\7zs8065.tmp\symnrt.exe |
"{98321619-A523-4E84-A508-509F40722BCD}" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\7zs8065.tmp\symnrt.exe |
"{A6DB229D-9944-48FE-BE3A-B32531776067}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2DF8117-DF89-43E9-B78A-B436BBB8378D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE8D2281-E568-4C76-9708-488A4AF6355A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D0100667-560B-4C9F-B92C-5BC8244F45B8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D080FF2A-F170-48A0-952F-5B4216743661}" = protocol=6 | dir=in | app=c:\users\markus\appdata\local\temp\7zsd463.tmp\symnrt.exe |
"{D1CC0E3A-E64F-482D-B4FE-4E3AAB555D04}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{D8918E37-8914-4C5A-BF0E-AEEFC1E2E009}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E673E3DB-F26B-401C-8286-2C5084B6024B}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E8FC7B4B-DE1E-4D84-808A-204159898D9D}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqpse.exe |
"TCP Query User{05A672C5-0508-4269-A89B-79421114F250}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{0D099135-DB97-4304-92EF-F302CDECDCC4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3D56595E-153C-4308-807E-24CF0DFCB96E}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{535ED4F5-7478-4369-AF0A-1E12809DE55B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A28BF2C2-3EDC-4D77-A2FF-B44FD2703B19}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C29761DB-AE73-4826-823A-8A27D3ABA934}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1FBDDF3F-ABAB-4DD4-A61D-FFCAD1D840CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{374241BF-0AE6-4773-9C80-DB73BEF14CEE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{6E26DB86-A7A7-4F68-949B-DF6F75A25C25}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{882031B7-AA4F-41C6-9F5A-768BB5BAA487}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9EF7B8D7-A31D-40F6-949D-6FA41E10C14F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F65A47E5-FFE6-46D6-9D73-84A0603B0383}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}" = HP User Guide 0039
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}" = Ad-Aware SE Personal
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.15)" = Mozilla Firefox (3.5.15)
"PDFill PDF Writer" = PDFill PDF Writer
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/05/2009 02:59:01 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: dc0  Start Time: 01c9d2ce59a76b56  Termination Time: 4010
 
Error - 25/05/2009 14:10:32 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.0.3399 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 93c  Start Time: 01c9dd63b4bccdd6  Termination Time: 172
 
Error - 02/06/2009 03:11:53 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program SoftwareUpdate.exe version 2.1.1.116 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: fb8  Start Time: 01c9e34e9c6ff885  Termination Time: 3541
 
Error - 04/06/2009 06:20:50 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program fx_client.exe version 3.3.268.1 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: fcc  Start Time: 01c9e4e101972538  Termination Time: 94
 
Error - 05/06/2009 18:58:48 | Computer Name = Pim-PC | Source = Google Update | ID = 20
Description =
 
Error - 15/06/2009 02:38:01 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: ab4  Start Time: 01c9ed812eac1ad6  Termination Time: 50768
 
Error - 15/06/2009 02:45:05 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.exe version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 840  Start Time: 01c9ed83d7025d56  Termination Time: 60000
 
Error - 22/06/2009 01:17:21 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 170  Start Time: 01c9f2f7ad273f1f  Termination Time: 39858
 
Error - 28/06/2009 12:08:14 | Computer Name = Pim-PC | Source = Application Hang | ID = 1002
Description = The program Nss.exe version 2.2.0.26 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Problem Reports and Solutions control panel.  Process
ID: bf8  Start Time: 01c9f809a7fe97e9  Termination Time: 93
 
Error - 30/06/2009 02:39:39 | Computer Name = Pim-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x24005d7e,  process id 0x240, application start time 0x01c9f94d05e8d1da.
 
[ System Events ]
Error - 16/11/2010 18:08:14 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17/11/2010 02:46:01 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 17/11/2010 08:10:37 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 19/11/2010 02:14:03 | Computer Name = Pim-PC | Source = DCOM | ID = 10010
Description =
 
Error - 19/11/2010 02:14:40 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 22/11/2010 04:33:12 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:32:12 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:13:53 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:15:15 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:22:40 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:21:40 on 22/11/2010 was unexpected.
 
Error - 22/11/2010 08:26:10 | Computer Name = Pim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 22/11/2010 10:53:39 | Computer Name = Pim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 13:55:48 on 22/11/2010 was unexpected.
 
 
< End of report >

Swisstreasure 22.11.2010 16:55
Schritt 1
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

masi76 22.11.2010 17:26
Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Markus
->Temp folder emptied: 705066 bytes
->Temporary Internet Files folder emptied: 679732 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45504457 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3074 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1576788 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 46.00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11222010_171558

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

masi76 22.11.2010 19:23
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-22 19:17:24
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 ST98823AS rev.7.24
Running: gwsx03h9.exe; Driver: C:\Users\Markus\AppData\Local\Temp\uwldapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c        0x8C 0x50 0x65 0x11 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583ba72f1                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd105d2a@001963f1ab0c            0x8C 0x50 0x65 0x11 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583ba72f1 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Swisstreasure 22.11.2010 20:08
Und das Icon noch vorhanden?

masi76 22.11.2010 20:16
Das Icon ist verschwunden.
Gott sei Dank!

Swisstreasure 22.11.2010 20:29
Schritt 1

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.

Schritt 2
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
  • Java muss installiert, aktiv und erlaubt sein.
  • Bebilderte Anleitung von sundavis.
  • Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
  • Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
  • Die Datenschutzerklärung akzeptieren.
  • Programm installieren lassen.
  • Update der Signaturen installieren lassen.
  • Wenn der Status "Complete" ist,
  • Scan-Einstellungen (Settings) Standard lassen
  • Links den Link "My Computer" anklicken.
  • Scan beginnt automatisch.
  • Wenn der Scan fertig ist, auf "View scan report" klicken,
  • "Save report as" und Dateityp auf .txt umstellen,
  • und auf dem Desktop als Kaspersky.txt speichern.
  • Logdatei hier posten.
  • Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

masi76 23.11.2010 10:59
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 03:42:42
# local_time=2010-10-27 05:42:42 (+0100, W. Europe Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 428077 428077 0 0
# compatibility_mode=1024 16777215 100 0 75847330 75847330 0 0
# compatibility_mode=1797 16775165 100 100 514405 63703884 20827 0
# compatibility_mode=5892 16776573 100 100 29490 125721305 0 0
# compatibility_mode=8192 67108863 100 0 681 681 0 0
# scanned=133035
# found=0
# cleaned=0
# scan_time=5585
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=d0981509bee53c42abe9a9defe537834
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-23 09:42:11
# local_time=2010-11-23 10:42:11 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 2734452 2734452 0 0
# compatibility_mode=1024 16777215 100 0 78153705 78153705 0 0
# compatibility_mode=1797 16775165 100 100 710478 65391516 742481 0
# compatibility_mode=5892 16776573 100 100 4284 128027680 0 0
# compatibility_mode=8192 67108863 100 0 2307056 2307056 0 0
# scanned=132685
# found=1
# cleaned=0
# scan_time=10379
C:\Users\Markus\AppData\Local\VirtualStore\Windows\System32\owlg.uto        a variant of Win32/Oficla.IF trojan        00000000000000000000000000000000        I

masi76 23.11.2010 11:07
Irgendwie komme ich mit dem Kaspersky-Scan nicht weiter.
Glaube das liegt an dem Java...
Auf jeden Fall komme ich bei dem link zu Kaspersky nicht weiter.

Swisstreasure 23.11.2010 13:05
Wie nicht weiter? Java hast Du sicher aktiviert oder?

masi76 23.11.2010 13:19
Ich weiss nicht wie ich prüfen kann ob Java aktiviert ist.

Wie gesagt, wenn ich auf den link zu
Kaspersky Scan gehe, kann ich nix mehr
anklicken, was einen Scan startet oder
mich sonst irgendwie weiterbringt.
Habe auch Antivir und die Firewall ausgeschaltet
gehabt. Bei dem Link zeigt es mir unter
Systeminformationen folgendes an:

* OS type: ...
* Browser: ...
* Java vendor: ...
* Java version: ...
* OS architecture: ...
* Java support by the browser: false

Please enable browser support for Java and JavaScript.

Swisstreasure 23.11.2010 13:40
Versuche es mit dem IE

masi76 23.11.2010 14:09
Mit dem IE bin ich einen Schritt weiter gekommen.

Ich werde vom Kaspersky-Link nach anklicken auf
die Downloadseite von Java weitergeleitet. Hier kommt
dann die Meldung nach dem Versuch Java runterzuladen,

"IE cannot download Javasetup..."
"The connection with the server was reset"

Kann denn das so schwer sein...???!!!

Swisstreasure 23.11.2010 14:10
Mach einmal diesen test:
Java-Installation überprüfen

masi76 23.11.2010 15:46
Wieder ein Schritt weiter.
Habe Java installiert und bei Kaspersky bin
ich auch einen Schritt weiter gekommen, aber
dann kam diese Meldung:

The program is starting. Please wait...
Updates source is selected: hxxp://www.kaspersky.com
File download: packages/kos-extras.jar
The program is started.

Updating the anti-virus database. Please wait...

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

Swisstreasure 23.11.2010 16:35
Hast Du während em Scan Inetverbindung?

masi76 24.11.2010 07:57
Ja, ich war parallel beim Trojaner-Board angemeldet.
Habe den Scan laufen lassen wollen.
Wie gesagt, habe den Mozilla-Browser als Admin
gestartet und die Firewall und Antivir solange ausgeschaltet
gehabt.

Swisstreasure 24.11.2010 20:13
Dann mach einen Scan mit

BitDefender QuickScan
  • Unterstützte Betriebssysteme: Alle
  • Im IE wird ein ActiveX-Addon installiert und im Firefox ein Addon (was jweils erlaubt werden muss).
  • Klicke auf "Scan starten".
  • Klicke auf "Log öffnen".
  • Das Logfile öffnet sich in Deinem Editor.
  • Poste mir den Inhalt hier in den Thread.
  • Achte darauf IPs und persönlichen Daten unkenntlich zu machen.
  • Deinstallation:
    IE => Extras => Uninstall BitDefender Online Scanner.
    Firefox => Extras => Addons => BitDefender QuickScan deinstallieren.

masi76 25.11.2010 07:41
Code:
QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Überprüfungsdatum:  Thu Nov 25 07:28:21 2010
Computer ID: C6571BC



Keine Infizierungen gefunden.
-----------------------------



Prozesse
--------
AntiVir Desktop                          420    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
DivX Update                              552    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Firefox                                  3244    C:\Program Files\Mozilla Firefox\firefox.exe
HP Wireless Assistant                    400    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Wireless Assistant                    388    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
HpqToaster Module                        3480    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
Intel(R) Common User Interface            288    C:\Windows\System32\hkcmd.exe
Intel(R) Common User Interface            300    C:\Windows\System32\igfxpers.exe
Intel(R) Common User Interface            280    C:\Windows\System32\igfxtray.exe
iTunes                                    444    C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0    892    C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System      656    C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System    3316    C:\Windows\ehome\ehmsas.exe
Microsoft® Windows® Operating System      624    C:\Windows\ehome\ehtray.exe
Microsoft® Windows® Operating System    1988    C:\Windows\explorer.exe
Microsoft® Windows® Operating System    1944    C:\Windows\System32\dwm.exe
Microsoft® Windows® Operating System    2640    C:\Windows\System32\taskeng.exe
RealPlayer (32-bit)                      480    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Synaptics Pointing Device Driver          272    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Netzwerkaktivität
-----------------
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 74.125.77.100
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 95.100.149.115
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 74.125.77.154
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 74.125.77.155
Vorgang firefox.exe (3244) verbunden mit Anschluss 443 (HTTP over SSL) --> 64.4.11.160
Vorgang firefox.exe (3244) verbunden mit Anschluss 443 (HTTP over SSL) --> 65.55.12.249
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 74.125.77.100
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 74.125.77.101
Vorgang firefox.exe (3244) verbunden mit Anschluss 80 (HTTP) --> 173.194.18.152



Autoruns und kritische Dateien
------------------------------
Adobe Acrobat                            C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AntiVir Desktop                          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
DivX Update                              C:\Program Files\DivX\DivX Update\DivXUpdate.exe
HP Health Check Scheduler                C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HP Wireless Assistant                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HP Wireless Assistant                    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
Intel(R) Common User Interface          C:\Windows\System32\hkcmd.exe
Intel(R) Common User Interface          C:\Windows\System32\igfxdev.dll
Intel(R) Common User Interface          C:\Windows\System32\igfxpers.exe
Intel(R) Common User Interface          C:\Windows\System32\igfxtray.exe
iTunes                                  C:\Program Files\iTunes\iTunesHelper.exe
Java(TM) Platform SE Auto Updater 2 0    C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes' Anti-Malware              C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
Microsoft® Windows® Operating System    C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System    C:\Windows\ehome\ehtray.exe
Microsoft® Windows® Operating System    C:\Windows\System32\browseui.dll
Microsoft® Windows® Operating System    c:\windows\system32\userinit.exe
MobileMe                                C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime                                C:\Program Files\QuickTime\QTTask.exe
RealPlayer (32-bit)                      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Synaptics Pointing Device Driver        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Windows® Internet Explorer              C:\Windows\System32\webcheck.dll


Browser Plugins
---------------
AcroIEHelper Library                    c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat                            C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan                    C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan                    C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitDefender QuickScan                    C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
DivX Player Netscape Plugin              C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
DivX Web Player                          C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
Download PDF Files                      C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
Google Toolbar for IE                    c:\program files\google\googletoolbar2.dll
Google Update                            C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
Google Updater                          C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
GoogleToolbarNotifier                    c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
InstallShield Update Service            C:\Windows\Downloaded Program Files\dwusplay.dll
InstallShield Update Service            C:\Windows\Downloaded Program Files\dwusplay.exe
InstallShield Update Service            C:\Windows\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.220.4        C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java(TM) Platform SE 6 U22              c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U22              C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft® Windows Media Player Firefox  C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System    C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System    C:\Windows\System32\NapiNSP.dll
Microsoft® Windows® Operating System    C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System    C:\Windows\System32\pnrpnsp.dll
Microsoft® Windows® Operating System    C:\Windows\System32\winrnr.dll
Microsoft® Windows® Operating System    C:\Windows\System32\wshbth.dll
Mozilla Default Plug-in                  C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll                            C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll                              C:\Windows\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.5 (861)              C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin                    C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin                    c:\program files\real\realplayer\Netscape6\nprjplug.dll
RealNetworks Rhapsody Player Engine      C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
RealPlayer Download and Record Plugin    c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
RealPlayer Version Plugin                C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin                c:\program files\real\realplayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P  C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer(tm) G2 LiveConnect-Enabled P  c:\program files\real\realplayer\Netscape6\nppl3260.dll
RealPlayer(tm) HTML5VideoShim Plug-In (  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Windows Presentation Foundation          c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer              C:\Windows\System32\ieframe.dll


fahlende Dateien
----------------
Datei nicht gefunden: C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
  --> HKLM\System\ControlSet001\services\stllssvr\"ImagePath"

Datei nicht gefunden: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
  --> HKLM\System\ControlSet001\services\AddFiltr\"ImagePath"

Datei nicht gefunden: C:\Users\Pim\AppData\Local\Temp\iatmunin.sys
  --> HKLM\System\ControlSet001\services\iatmunin\"ImagePath"

Datei nicht gefunden: C:\Windows\System32\appmgmts.dll
  --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

Datei nicht gefunden: C:\Windows\system32\drivers\blbdrive.sys
  --> HKLM\System\ControlSet001\services\blbdrive\"ImagePath"

Datei nicht gefunden: system32\DRIVERS\ipinip.sys
  --> HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

Datei nicht gefunden: system32\DRIVERS\nwlnkflt.sys
  --> HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

Datei nicht gefunden: system32\DRIVERS\nwlnkfwd.sys
  --> HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"

Datei nicht gefunden: system32\DRIVERS\usbser_lowerflt.sys
  --> HKLM\System\ControlSet001\services\upperdev\"ImagePath"


Überprüfen
----------


Keine Dateien hochgeladen

Scan beendet - Kommunikation hat 6 Sek. gedauert
übertragene Daten - 0.04 MB gesendet, 635.46 KB empfangen
959 Dateien und Module geprüft - 148 seconds

==============================================================================

Swisstreasure 25.11.2010 19:04
Zum Schluss nochmals ein OTL:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

masi76 26.11.2010 07:54
Code:
OTL logfile created on: 26/11/2010 07:16:13 - Run 2
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 410.00 Mb Available Physical Memory | 40.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 31.05 Gb Free Space | 44.73% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Markus\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (iatmunin) -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/12 05:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 14:33:45 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/25 09:15:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2010/11/13 07:14:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/23 14:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/23 14:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/23 14:32:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/11/12 05:54:07 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/11/12 05:54:07 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/11/12 05:54:07 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/11/12 05:54:07 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/11/12 05:54:07 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/25 07:27:28 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\QuickScan
[2010/11/23 14:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/23 14:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/22 17:15:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/22 09:31:36 | 000,094,848 | ---- | C] (GMER) -- C:\uwldapow.sys
[2010/11/16 23:03:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/16 23:03:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/16 23:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/09 08:33:08 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Avira
[2010/11/08 08:11:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/08 08:11:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/26 07:20:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/26 07:05:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/26 06:14:43 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/26 06:06:46 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/26 06:03:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 06:03:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 06:03:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/26 06:03:16 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/25 10:07:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/23 12:52:18 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/23 12:52:18 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/23 10:51:12 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/11/22 13:22:27 | 138,622,950 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/22 09:31:36 | 000,094,848 | ---- | M] (GMER) -- C:\uwldapow.sys
[2010/11/22 09:13:43 | 000,000,000 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/16 22:40:55 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/09 08:36:09 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2010/11/22 09:13:43 | 000,000,000 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2010/11/16 23:03:43 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 08:14:30 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/12 07:10:13 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/27 12:20:56 | 138,622,950 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2010/11/25 07:28:21 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\QuickScan
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/25 10:07:40 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/26 07:20:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/12 07:10:13 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{52C964EE-F448-412B-8FE7-0550962111FD}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/05/31 11:24:09 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/26 06:03:16 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/01 09:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/26 06:03:14 | 1377,177,600 | -HS- | M] () -- C:\pagefile.sys
[2010/11/22 09:31:36 | 000,094,848 | ---- | M] (GMER) -- C:\uwldapow.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/13 13:50:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2002/02/19 18:38:15 | 000,077,824 | ---- | M] (Lexmark International) -- C:\Windows\System32\spool\prtprocs\w32x86\LXAXPP5C.DLL
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/10/14 21:56:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 12:41:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 12:41:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-24 18:20:30
 
<          >

< End of report >


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:20 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131