Lüfter dreht hoch - Ilivid?

v-man0815 · 15.09.2012, 10:10

OK, hier die ComboFix-Datei:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-09-14.03 - superaze 15.09.2012  10:48:46.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.6092.4340 [GMT 2:00]
ausgeführt von:: c:\users\superaze\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini
c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\superaze\AppData\Local\Savings Sidekick
c:\users\superaze\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
c:\windows\IsUn0407.exe
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\nsprs.dll
c:\windows\SysWow64\serauth1.dll
c:\windows\SysWow64\serauth2.dll
c:\windows\SysWow64\ssprs.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-15 bis 2012-09-15  ))))))))))))))))))))))))))))))
.
.
2012-09-15 08:54 . 2012-09-15 08:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-07 17:26 . 2012-09-07 17:26	--------	d-----w-	c:\program files\pdfforge
2012-09-07 14:31 . 2012-09-07 14:31	--------	d-----w-	c:\users\superaze\AppData\Roaming\pdfforge
2012-09-05 08:36 . 2012-09-05 08:36	--------	d-----w-	c:\program files (x86)\ESET
2012-09-02 09:22 . 2010-11-09 13:35	21992	----a-w-	c:\windows\system32\drivers\cpuz135_x64.sys
2012-09-02 09:22 . 2012-09-02 09:22	--------	d-----w-	c:\program files\CPUID
2012-08-17 19:45 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-17 19:45 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-17 19:45 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-17 19:45 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-17 19:45 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-17 19:45 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-17 19:45 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-17 19:45 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-17 19:45 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-17 19:45 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-17 19:45 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-17 19:45 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 08:54 . 2012-09-15 08:54	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{32AF5F4A-E115-4317-B5C8-EF43D522C888}\offreg.dll
2012-09-13 05:39 . 2012-01-26 08:10	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-07 15:04 . 2011-11-24 11:42	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-17 20:26 . 2012-04-02 06:28	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-17 20:26 . 2012-01-14 11:30	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-08 5663616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-31 296056]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 135664]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynUSB64.sys [2006-11-16 31248]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-27 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203776]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-01-26 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-15 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-15 301056]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:26]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 19:44]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 19:44]
.
2012-09-13 c:\windows\Tasks\HPCeeScheduleForsuperaze.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = 
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpn.uibk.ac.at/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\superaze\AppData\Roaming\Mozilla\Firefox\Profiles\9od2n9tg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop 6.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-15  10:56:02
ComboFix-quarantined-files.txt  2012-09-15 08:56
.
Vor Suchlauf: 14 Verzeichnis(se), 258.978.545.664 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 258.856.591.360 Bytes frei
.
- - End Of File - - 4F9807CA45C474C289FB7260F5CCBB91

--- --- ---

cosinus · 16.09.2012, 11:53

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

v-man0815 · 17.09.2012, 21:14

Bei GMER war das Fester leer, wenn ich im Reiter (wie beschrieben) Rootkit/Maleware gewählt hatte. Auch konnte ich längst nicht bei allen Kästchen rechts ein Häkchen setzen.
Anschließend kam die Meldung, dass nichts gefunden wurde – ich kann hierzu also auch keine Log-Datei posten.

>>>
hier das OSAM-Log:

Code:

ATTFilter

 OSAM Logfile:

	Code: 

 ATTFilter

  
	Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:10:47 on 17.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForsuperaze.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x64.sys
"CyberLink WebCam Virtual Driver" (clwvd) - ? - C:\Windows\System32\DRIVERS\clwvd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
"SynasUSB" (SynasUSB) - "SIA Syncrosoft" - C:\Windows\System32\drivers\SynUSB64.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\win32\XCShInfo.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{E54729E8-BB3D-4270-9D49-7389EA579090} "EasyBits ShellExecute Hook" - "EasyBits Software Corp." - C:\Windows\SysWow64\EZUPBH~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\win32\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\win32\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products (Canada) Ltd." - C:\Program Files\Tracker Software\Shell Extensions\win32\XCShInfo.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CC679CB8-DC4B-458B-B817-D447B3B6AC31} "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\Windows\SysWow64\vpnweb.ocx / https://vpn.uibk.ac.at/CACHE/stc/1/binaries/vpnweb.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} "SpecialSavings" - "SpecialSavings" - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{74F475FA-6C75-43BD-AAB9-ECDA6184F600} "SpecialSavings" - "SpecialSavings" - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll
{8590886E-EC8C-43C1-A32C-E4C2B0B6395B} "TrueSuite Website Log On" - "HP" - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BCSSync" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"DivXUpdate" - ? - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Easybits Recovery" - "EasyBits Software AS" - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
"HP Quick Launch" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"HPConnectionManager" - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
"HPOSD" - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NUSB3MON" - "Renesas Electronics Corporation" - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
"Easybits Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezSharedSvcHost.exe  (File not found)
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"HP Client Services" (HPClientSvc) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
"HP Connection Manager 4.0 Service" (hpCMSrv) - "Hewlett-Packard Development Company L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"HPWMISVC" (HPWMISVC) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TrueSuiteService" (FPLService) - "HP" - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "EasyBits Software AS" - C:\Windows\SysWOW64\ezScrSvr.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
 --- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 19.09.2012, 08:38

Ja GMER läuft nicht immer - aber was ist mit aswMBR?

v-man0815 · 20.09.2012, 07:44

Code:

ATTFilter

 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 08:34:02
-----------------------------
08:34:02.466    OS Version: Windows x64 6.1.7601 Service Pack 1
08:34:02.466    Number of processors: 4 586 0x2A07
08:34:02.467    ComputerName: SUPERAZE-HP  UserName: superaze
08:34:04.039    Initialize success
08:35:42.963    AVAST engine defs: 12091901
08:39:54.448    The log file has been saved successfully to "C:\Users\superaze\Desktop\aswMBR-Log - 20-9-2012.txt"

Kann ich aswMBR jetzt schließen, ohne irgendwelche weiteren Schritte (z.B. Fix) unternommen zu haben?

cosinus · 20.09.2012, 14:52

aswMBR lief nicht richtig. Erstell damit bitte richtig nach meiner Anleitung nochmal ein Log

v-man0815 · 21.09.2012, 06:43

Code:

ATTFilter

 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 07:38:48
-----------------------------
07:38:48.927    OS Version: Windows x64 6.1.7601 Service Pack 1
07:38:48.927    Number of processors: 4 586 0x2A07
07:38:48.927    ComputerName: SUPERAZE-HP  UserName: superaze
07:38:50.222    Initialize success
07:39:07.321    AVAST engine download error: 0
07:39:07.321    AVAST engine defs: 12091901
07:39:20.613    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:39:20.628    Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
07:39:20.659    Disk 0 MBR read successfully
07:39:20.659    Disk 0 MBR scan
07:39:20.659    Disk 0 Windows 7 default MBR code
07:39:20.675    Disk 0 Partition 1 00     42          SFS                 0 MB offset 63
07:39:20.675    Disk 0 Partition 2 80 (A) 42          SFS NTFS          199 MB offset 2048
07:39:20.691    Disk 0 Partition 3 00     42          SFS NTFS       298229 MB offset 409600
07:39:20.706    Disk 0 Partition 4 00     42          SFS NTFS       312050 MB offset 611182592
07:39:20.722    Disk 0 scanning C:\Windows\system32\drivers
07:39:20.722    Service scanning
07:39:50.970    Modules scanning
07:39:51.501    Disk 0 trace - called modules:
07:39:51.891    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
07:39:51.891    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800845b060]
07:39:51.906    3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa80082ccb10]
07:39:51.906    5 hpdskflt.sys[fffff880017f2361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006550050]
07:39:52.905    AVAST engine scan C:\Windows
07:39:52.905    AVAST engine scan C:\Windows\system32
07:39:52.920    AVAST engine scan C:\Windows\system32\drivers
07:39:52.936    AVAST engine scan C:\Users\superaze
07:39:52.951    AVAST engine scan C:\ProgramData
07:39:52.951    Scan finished successfully
07:40:35.674    Disk 0 MBR has been saved successfully to "C:\Users\superaze\Desktop\MBR.dat"
07:40:35.674    The log file has been saved successfully to "C:\Users\superaze\Desktop\aswMBR-Log - 21-9-2012.txt"

cosinus · 21.09.2012, 15:04

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

v-man0815 · 22.09.2012, 13:48

Code:

ATTFilter

 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
superaze :: SUPERAZE-HP [Administrator]

22.09.2012 10:26:56
mbam-log-2012-09-22 (10-26-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (B:\|C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 485205
Laufzeit: 1 Stunde(n), 40 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/22/2012 at 02:45 PM

Application Version : 5.5.1016

Core Rules Database Version : 7986
Trace Rules Database Version: 5798

Scan type       : Complete Scan
Total Scan Time : 01:17:22

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 843
Memory threats detected   : 0
Registry items scanned    : 73491
Registry threats detected : 0
File items scanned        : 142359
File threats detected     : 91

Adware.Tracking Cookie
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\2TKOJ4BQ.txt [ /apmebf.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\AP8FG43X.txt [ /fastclick.net ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\0A3BWYYW.txt [ /tracking.quisma.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\L220ZCZE.txt [ /zanox.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\96QQA5Z6.txt [ /ad.zanox.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\5UMRS6EM.txt [ /mediaplex.com ]
	C:\USERS\SUPERAZE\Cookies\2TKOJ4BQ.txt [ Cookie:superaze@apmebf.com/ ]
	C:\USERS\SUPERAZE\Cookies\0A3BWYYW.txt [ Cookie:superaze@tracking.quisma.com/ ]
	C:\USERS\SUPERAZE\Cookies\96QQA5Z6.txt [ Cookie:superaze@ad.zanox.com/ ]
	C:\USERS\SUPERAZE\Cookies\5UMRS6EM.txt [ Cookie:superaze@mediaplex.com/ ]
	.doubleclick.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	server.adformdsp.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adformdsp.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	tradefx.advertserve.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	www.ardmediathek.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	forexyard.advertserve.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	gsadserver.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]

cosinus · 22.09.2012, 18:46

Code:

ATTFilter

UAC On - Limited User

Wie hast du SUPERAntiSpyware gestartet? Einfach per Doppelklick?

v-man0815 · 23.09.2012, 08:03

Ich habe SUPERAntiSpyware geöffnet und dann den Button „Scan your Computer …“ angeklickt.

cosinus · 23.09.2012, 16:51

Danach hab ich nicht gefragt! Mit ist schon klar, dass du SUPERAntiSpyware gestartet hast aberich wollte wissen wie genau!

v-man0815 · 23.09.2012, 20:10

…tut mir leid: jetzt weiß ich wirklich nicht, was du meinst. Ich habe SUPERAntiSpyware so gestartet, wie man das eben macht (und wie ich es beschrieben habe). Was für andere Möglichkeiten gibt es denn sonst noch?

cosinus · 24.09.2012, 12:33

Lesen der Anleitung hilft!!

Benutzer mit Windows Vista und Windows 7 starten das Tool bitte wieder per Rechtsklick => als Administrator ausführen!

v-man0815 · 24.09.2012, 15:21

Lesen der Anleitung hilft …

Ich weiß deine Mühe wirklich zu schätzen und verstehe ja, dass es ärgerlich ist, wenn jemand die Instruktionen nicht richtig befolgt.

Aber wie wäre es gewesen, wenn du klar gefragt hättest, ob ich SUPERAntiSpyware als Administrator gestartet habe (anstatt: „einfach mit Doppelklick“)?

Da meine Benutzerkontenenstellung so eingerichtet ist, dass ich vor Programmen wie SUPERAntiSpyware um „Erlaubnis“ gefragt werde, dachte ich, dies sei dann dasselbe, wie wenn ich per Rechtsklick als Administrator ausführe. Nun kannst du wieder sagen, dass ich das doch wissen müsste … wie kann man nur so blöd sein …
In jedem Fall habe ich die Anleitung gelesen, war aber in dem Glauben, mein Vorgehen sei gleichwertig.

Ich finde, nicht nur Lesen der Anleitung hilft, sondern auch ein klares Formulieren der Frage.

Code:

ATTFilter

 

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/24/2012 at 03:32 PM

Application Version : 5.5.1016

Core Rules Database Version : 7986
Trace Rules Database Version: 5798

Scan type       : Complete Scan
Total Scan Time : 01:17:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 838
Memory threats detected   : 0
Registry items scanned    : 73509
Registry threats detected : 0
File items scanned        : 145066
File threats detected     : 113

Adware.Tracking Cookie
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\8VSXHHO7.txt [ /apmebf.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\5792BQWO.txt [ /tracking.quisma.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\N5Y8TIYM.txt [ /zanox.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\EBNWE3G6.txt [ /mediathek.daserste.de ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\4S4DAWEC.txt [ /atdmt.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\NJEZUF02.txt [ /ad.zanox.com ]
	C:\Users\superaze\AppData\Roaming\Microsoft\Windows\Cookies\2WL8BAXT.txt [ /mediaplex.com ]
	C:\USERS\SUPERAZE\Cookies\8VSXHHO7.txt [ Cookie:superaze@apmebf.com/ ]
	C:\USERS\SUPERAZE\Cookies\5792BQWO.txt [ Cookie:superaze@tracking.quisma.com/ ]
	C:\USERS\SUPERAZE\Cookies\4S4DAWEC.txt [ Cookie:superaze@atdmt.com/ ]
	C:\USERS\SUPERAZE\Cookies\NJEZUF02.txt [ Cookie:superaze@ad.zanox.com/ ]
	C:\USERS\SUPERAZE\Cookies\2WL8BAXT.txt [ Cookie:superaze@mediaplex.com/ ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	www.findhorn.org [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	www.findhorn.org [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.findhorn.org [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.findhorn.org [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.findhorn.org [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	adx2.chip.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.amazon-adsystem.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.managementcircleag.122.2o7.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	gsadserver.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	tradefx.advertserve.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	track.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\SUPERAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OD2N9TG.DEFAULT\COOKIES.SQLITE ]

19.09.2012, 08:38	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Lüfter dreht hoch - Ilivid? Ja GMER läuft nicht immer - aber was ist mit aswMBR? __________________ Logfiles bitte immer in CODE-Tags posten

20.09.2012, 14:52	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Lüfter dreht hoch - Ilivid? aswMBR lief nicht richtig. Erstell damit bitte richtig nach meiner Anleitung nochmal ein Log __________________ --> Lüfter dreht hoch - Ilivid?

21.09.2012, 15:04	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Lüfter dreht hoch - Ilivid? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

22.09.2012, 18:46	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Lüfter dreht hoch - Ilivid? Code: ATTFilter UAC On - Limited User Wie hast du SUPERAntiSpyware gestartet? Einfach per Doppelklick? __________________ Logfiles bitte immer in CODE-Tags posten

23.09.2012, 16:51	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Lüfter dreht hoch - Ilivid? Danach hab ich nicht gefragt! Mit ist schon klar, dass du SUPERAntiSpyware gestartet hast aberich wollte wissen wie genau! __________________ Logfiles bitte immer in CODE-Tags posten

Lüfter dreht hoch - Ilivid?

Log-Analyse und Auswertung: Lüfter dreht hoch - Ilivid?