Trojaner-Board

Trojan found (Windows 7) (https://www.trojaner-board.de/110760-trojaner-gefunden-windows-7-a.html)

Klecks1988 11.03.2012 17:49

CC Cleaner Log Scan

Code:

Logfile vom Scan via 7-Zip 9.20                08.03.2012               
Adobe AIR        Adobe Systems Inc.        01.03.2012                2.5.1.17730
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        01.03.2012        6,00MB        10.1.53.64
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        08.03.2012        6,00MB        11.1.102.63
Adobe Reader 9.5.0 - Deutsch        Adobe Systems Incorporated        30.01.2012        118,3MB        9.5.0
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        01.03.2012                11.5.9.620
Apple Application Support        Apple Inc.        08.03.2012        61,0MB        2.1.7
Apple Mobile Device Support        Apple Inc.        08.03.2012        24,2MB        5.1.1.4
Apple Software Update        Apple Inc.        17.07.2011        2,38MB        2.1.3.127
BeCyPDFMetaEdit        Benjamin Bentmann        01.03.2012                2.37.0
Bonjour        Apple Inc.        19.10.2011        1,02MB        3.0.0.10
Boot Camp-Dienste        Apple Inc.        30.08.2011        193,9MB        3.3.2921
CCleaner        Piriform        10.03.2012                3.16
DivX-Setup        DivX, Inc.        01.03.2012                1.0.2.23
DoremiSoft AVI to MP4 Converter 1.0        DoremiSoft, Inc.        01.03.2012                1.0
Driver Detective        PC Drivers HeadQuarters        17.07.2010        9,95MB        8.0.1
DriverAgent by eSupport.com                01.03.2012               
EA Download Manager UI        Electronic Arts        01.03.2012                6.0.4.10
ESET Online Scanner v3                04.03.2012               
EventGhost 0.3.7.r1462        EventGhost Project        25.06.2010                0.3.7.r1462
EVEREST Home Edition v2.20        Lavalys Inc        01.03.2012                2.20
Facebook Video Calling 1.1.1.1        Skype Limited        21.02.2012        3,93MB        1.1.1
Fraps                01.03.2012               
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        21.07.2010        8,08MB       
Free Audio Converter version 2.2.9        DVDVideoSoft Limited.        21.11.2010        25,6MB       
Free YouTube Download 2.10        DVDVideoSoft Limited.        21.11.2010        26,1MB       
Free YouTube to MP3 Converter version 3.7        DVDVideoSoft Limited.        21.07.2010        32,0MB       
G Data InternetSecurity 2011        G Data Software AG        28.01.2011        69,7MB        21.0.0.0
Game Booster        IObit        16.07.2010        3,18MB        1.5.0.96
Garmin Training Center        Garmin Ltd or its subsidiaries        30.06.2010        43,6MB        3.4.5
Garmin USB Drivers        Garmin Ltd or its subsidiaries        30.06.2010        0,12MB        2.3.0.0
GMATPrep(TM)        Graduate Management Admission Council ®        02.10.2011                2.3.601.409
Google Earth        Google        24.11.2011        92,7MB        6.1.0.5001
iCloud        Apple Inc.        08.03.2012        24,3MB        1.1.0.40
ICQ 7.2 Build #3129 Banner Remover 1.0        murb.com        16.07.2010        1,02MB       
ICQ7.2        ICQ        16.12.2010                7.2
Intel(R) Programm für Prozessor-IDs        Intel Corporation        16.07.2010        3,97MB        4.22.0000
iTunes        Apple Inc.        08.03.2012        157,4MB        10.6.0.40
Java(TM) 6 Update 27        Oracle        19.09.2011        95,0MB        6.0.270
Logitech SetPoint 6.32        Logitech        01.03.2012        39,1MB        6.32.20
Malwarebytes Anti-Malware Version 1.60.1.1000        Malwarebytes Corporation        01.03.2012        17,3MB        1.60.1.1000
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        01.03.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        01.03.2012        2,94MB        4.0.30319
Microsoft Office File Validation Add-In        Microsoft Corporation        15.09.2011        7,95MB        14.0.5130.5003
Microsoft Office Standard 2007        Microsoft Corporation        07.03.2012                12.0.6612.1000
Microsoft Project Professional 2010        Microsoft Corporation        01.03.2012                14.0.6029.1000
Microsoft Silverlight        Microsoft Corporation        15.02.2012        40,5MB        4.1.10111.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        22.06.2011        0,29MB        8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        18.08.2010        0,20MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        04.05.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        14.08.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        22.06.2011        0,59MB        9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        13.11.2011        15,0MB        10.0.40219
MobileMe Control Panel        Apple Inc.        26.10.2011        12,9MB        3.1.8.0
Mozilla Firefox 10.0.2 (x86 de)        Mozilla        01.03.2012        43,0MB        10.0.2
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        20.06.2010        35,00KB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        20.06.2010        1,33MB        4.20.9876.0
MyTomTom 3.1.0.530        TomTom        01.03.2012                3.1.0.530
NVIDIA 3D Vision Treiber 285.62        NVIDIA Corporation        11.11.2011                285.62
NVIDIA Display Control Panel        NVIDIA Corporation        01.03.2012                6.14.12.5721
NVIDIA Drivers        NVIDIA Corporation        01.03.2012        67,5MB        1.10.61.39
NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        11.11.2011                285.62
NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        11.11.2011                9.11.0621
NVIDIA Update 1.5.20        NVIDIA Corporation        11.11.2011                1.5.20
Octoshape add-in for Adobe Flash Player                07.08.2010               
Octoshape Streaming Services                18.08.2010               
Oracle IRM Desktop        Oracle Corporation        04.03.2012        23,2MB        11.1.54.2
PASW Statistics 18        SPSS Inc.        03.12.2010        600MB        18.0.0
PDFCreator        Frank Heindörfer, Philip Chinery        06.03.2012                1.2.3
pdfsam                19.09.2011                2.2.1
Pharos                01.03.2012               
PunkBuster for Joint Operations: Typhoon Rising                01.03.2012                1.00.0000
PunkBuster Services        Even Balance, Inc.        01.03.2012                0.988
QuickTime        Apple Inc.        26.10.2011        73,3MB        7.71.80.42
RealPlayer        RealNetworks        01.03.2012               
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        09.08.2010                6.0.1.5936
Safari        Apple Inc.        14.12.2011        43,3MB        5.34.52.7
Samsung Drive Manager        Clarus        05.01.2012                1.0.140
SAMSUNG Mobile Composite Device Software                01.03.2012               
SAMSUNG Mobile Modem Driver Set                01.03.2012               
Samsung Mobile phone USB driver Drive Software                01.03.2012               
SAMSUNG Mobile USB Modem 1.0 Software                01.03.2012               
SAMSUNG Mobile USB Modem Software                01.03.2012               
Samsung PC Studio 3        Samsung Electronics Co., Ltd.        19.06.2010                3.2.2.80601
Shape Collage        Shape Collage Inc.        01.03.2012               
SharpKeys        RandyRants.com        02.09.2010        88,00KB        2.1.1000
Skype Click to Call        Skype Technologies S.A.        03.03.2012        14,4MB        5.9.9216
Skype™ 5.8        Skype Technologies S.A.        05.03.2012        19,0MB        5.8.158
SpeedFan (remove only)                01.03.2012               
Steam        Valve Corporation        11.11.2011        35,5MB        1.0.0.0
System Requirements Lab                01.03.2012               
TeamSpeak 3 Client        TeamSpeak Systems GmbH        01.03.2012               
The Elder Scrolls V: Skyrim        Bethesda Game Studios        01.03.2012               
Trojan Remover 6.8.3        Simply Super Software        01.03.2012        16,3MB        6.8.3
Veetle TV 0.9.18        Veetle, Inc        01.03.2012                0.9.18
Visual Studio C++ 10.0 Runtime        TomTom International B.V.        28.01.2012        8,00KB        10.0.0
VLC media player 1.1.4        VideoLAN        01.03.2012                1.1.4
Winamp        Nullsoft, Inc        01.03.2012                5.621
Winamp Erkennungs-Plug-in        Nullsoft, Inc        15.09.2011        75,00KB        1.0.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)        Garmin        01.03.2012                06/03/2009 2.3.0.0
Windows Media Player Firefox Plugin        Microsoft Corp        15.06.2010        0,29MB        1.0.0.8
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)        Apple Inc.        01.03.2012                01/11/2008 3.4.3.18
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.8.3.10)        Apple Inc.        01.03.2012                02/01/2008 3.8.3.10
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)        Apple Inc.        01.03.2012                06/27/2007 2.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)        Apple Inc.        01.03.2012                04/27/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)        Apple Inc.        01.03.2012                11/23/2009 3.1.0.1
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)        Apple Inc.        01.03.2012                10/25/2007 2.0.1.0
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)        Apple Inc.        01.03.2012                01/23/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)        Apple Inc.        01.03.2012                02/21/2008 2.0.4.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)        Apple Inc.        01.03.2012                04/06/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)        Apple Inc.        01.03.2012                03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)        Apple Inc.        01.03.2012                09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)        Apple Inc.        01.03.2012                10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)        Apple Inc.        01.03.2012                03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)        Apple Inc.        01.03.2012                05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)        Apple Inc.        01.03.2012                09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)        Apple Inc.        01.03.2012                10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)        Apple Inc.        01.03.2012                01/17/2008 2.0.2.2
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)        Apple Inc.        01.03.2012                05/17/2010 3.1.0.0
Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)        Apple Inc.        01.03.2012                04/05/2011 3.2.0.8
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)        Apple Inc.        01.03.2012                07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)        Apple Inc.        01.03.2012                07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)        Apple Inc.        01.03.2012                06/01/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)        Apple Inc.        01.03.2012                11/30/2009 3.0.0.6
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)        Apple Inc.        01.03.2012                08/24/2010 3.1.0.7
Windows-Treiberpaket - Apple Inc. Bluetooth  (11/23/2009 3.0.0.4)        Apple Inc.        01.03.2012                11/23/2009 3.0.0.4
Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)        Apple Inc.        01.03.2012                08/22/2008 2.1.1.1
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)        Atheros Communications Inc.        01.03.2012                11/18/2009 8.0.0.258
Windows-Treiberpaket - Broadcom (b57nd60x) Net  (05/28/2009 12.2.0.3)        Broadcom        01.03.2012                05/28/2009 12.2.0.3
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)        Broadcom        01.03.2012                08/21/2009 5.60.18.8
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)        Cirrus Logic, Inc.        01.03.2012                01/02/2010 6.6001.1.21
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)        Cirrus Logic, Inc.        01.03.2012                08/16/2010 6.6001.1.26
Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)        Intel        01.03.2012                02/06/2008 9.12.17.0
Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)        Intel        01.03.2012                01/08/2008 8.3.9.0
Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)        Intel        01.03.2012                07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)        Intel        01.03.2012                08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)        Intel        01.03.2012                07/16/2008 9.52.10.0
Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)        Intel        01.03.2012                02/06/2008 9.12.18.0
Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)        Intel        01.03.2012                06/13/2008 9.52.9.0
Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)        Intel        01.03.2012                07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)        Intel        01.03.2012                08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)        Intel        01.03.2012                11/07/2007 8.10.1.0
Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)        Intel        01.03.2012                07/20/2007 1.2.76.0
Windows-Treiberpaket - Marvell (yukonwlh) Net  (03/23/2007 10.12.7.3)        Marvell        01.03.2012                03/23/2007 10.12.7.3
WinRAR                01.03.2012               
Xvid 1.2.2 final uninstall        Xvid team (Koepi)        01.03.2012                1.2

I hope my approach is correct. Please let me know if I should proceed differently in the future!! Thank you very much :)

Klecks1988 11.03.2012 21:09

My Malwarebytes scan log
Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.08

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Xxxander :: XXX-PC [Administrator]

Schutz: Deaktiviert

11.03.2012 17:58:33
mbam-log-2012-03-11 (17-58-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328932
Laufzeit: 1 Stunde(n), 10 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55639 (Spyware.Zeus) -> Daten: C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Local Settings\Temp\msbufn.cmd (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

SuperAntispyware Scan:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/11/2012 at 06:14 PM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type      : Quick Scan
Total Scan Time : 00:23:30

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 505
Memory threats detected  : 0
Registry items scanned    : 27820
Registry threats detected : 0
File items scanned        : 14680
File threats detected    : 3

Adware.Tracking Cookie
        .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]


cosinus 12.03.2012 15:14

What is this supposed to be? Why are you posting logs that I didn't ask for?? You were supposed to post ONLY the CF log for now!

Klecks1988 13.03.2012 07:29

Quote:

Quote from cosinus (post 790405)
What is this supposed to be? Why are you posting logs that I didn't ask for?? You were supposed to post ONLY the CF log for now!

Sorry for my incorrect approach. Attached is the log from Combo Fix

Code:

ComboFix 12-03-10.02 - Xxx 13.03.2012  2:14.2.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2792.1868 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Xxx\AppData\Roaming\froot
c:\windows\system32\~.inf
c:\windows\system32\odbcad32.exe
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 06:20 . 2012-03-13 06:21        --------        d-----w-        c:\users\Xxx\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56        2512121        ----a-w-        c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50        --------        d-----w-        c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40        --------        d-----w-        c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17        --------        d-----w-        c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16        --------        d-----w-        c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02        --------        d-----w-        C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49        --------        d-----w-        c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09        --------        d-----w-        c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11        --------        d-----w-        c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36        --------        d-----w-        c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22        --------        d-----w-        c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04        --------        d-----w-        c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00        --------        d-----w-        c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24        10240        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21        53248        ----a-r-        c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40        1387288        ----a-w-        c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24        137536        ----atw-        c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37        661888        ----a-w-        c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53        460872        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02        435672        ----a-w-        c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44        70936        ----a-w-        c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04        7739936        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39        5797496        ----a-w-        c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40        273528        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53        1238800        ----a-w-        c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
MSConfigStartUp-UIExec - c:\program files\T-Mobile Internet Manager 03\UIExec.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Xxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
  de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  07:25:00
ComboFix-quarantined-files.txt  2012-03-13 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 28.978.814.976 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.981.110.784 Bytes frei
.
- - End Of File - - A5F8B2C9A3A013B6726716C6B6EA2D95

Regards
Klecks

cosinus 13.03.2012 16:59

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\~.tmp

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Klecks1988 13.03.2012 19:34

Hi Arne,

here is the new ComboFix log. (There was no prompt about restarting.)

ComboFix log file:
Code:

ComboFix 12-03-10.02 - Xxx 13.03.2012  18:41:07.3.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2792.1393 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Xxx\Downloads\CFScript.txt
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\~.tmp"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 17:54 . 2012-03-13 17:54        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 17:54 . 2012-03-13 17:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-13 06:25 . 2012-03-13 17:54        --------        d-----w-        c:\users\Xxx\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56        2512121        ----a-w-        c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50        --------        d-----w-        c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40        --------        d-----w-        c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17        --------        d-----w-        c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16        --------        d-----w-        c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02        --------        d-----w-        C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49        --------        d-----w-        c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09        --------        d-----w-        c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11        --------        d-----w-        c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42        116224        ----a-w-        c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00        137000        ----a-w-        c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        158208        ----a-w-        c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55        64512        ----a-w-        c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00        23552        ----a-w-        c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36        --------        d-----w-        c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35        --------        d-----w-        c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22        --------        d-----w-        c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56        --------        d-----w-        c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01        69632        ----a-w-        c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52        162304        ----a-w-        c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50        77312        ----a-w-        c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00        75264        ----a-w-        c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06        153088        ----a-w-        c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04        --------        d-----w-        c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52        --------        d-----w-        c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00        --------        d-----w-        c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24        10240        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24        --------        d-----w-        c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01        43520        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21        53248        ----a-r-        c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03        66328        ----a-w-        c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52        59240        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28        59240        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40        1387288        ----a-w-        c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24        137536        ----atw-        c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37        661888        ----a-w-        c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53        460872        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02        435672        ----a-w-        c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44        70936        ----a-w-        c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04        7739936        ------w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39        5797496        ----a-w-        c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55        17148552        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40        273528        ----a-w-        c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53        1238800        ----a-w-        c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
  de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  19:31:25
ComboFix-quarantined-files.txt  2012-03-13 18:31
ComboFix2.txt  2012-03-13 06:25
.
Vor Suchlauf: 16 Verzeichnis(se), 32.989.253.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.932.249.600 Bytes frei
.
- - End Of File - - 00E97E58E6439C771DD9AA353C3FFFDF

--- --- ---

cosinus 13.03.2012 20:09

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second try, just leave it out and run only OSAM - please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Klecks1988 13.03.2012 22:47

Attached are the GMER and OSAM logs:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:45:54 on 13.03.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IrmControlPanel" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmControlPanel.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AppleHFS" (AppleHFS) - "Apple Inc." - C:\Windows\system32\drivers\AppleHFS.sys
"AppleMNT" (AppleMNT) - "Apple Inc." - C:\Windows\system32\drivers\AppleMNT.sys
"catchme" (catchme) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys  (File not found)
"DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\Windows\system32\Drivers\DrvAgent32.sys
"G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G DATA WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"inpout32" (inpout32) - "Highresolution Enterprises [www.highrez.co.uk]" - C:\Windows\System32\Drivers\inpout32.sys
"KeyAgent" (KeyAgent) - "Apple Inc." - C:\Windows\system32\drivers\KeyAgent.sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys
"Mac HAL" (MacHALDriver) - "Apple Inc." - C:\Windows\system32\drivers\MacHALDriver.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys
"mvd23" (mvd23) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys
"NRKCTL32" (NRKCTL32) - ? - C:\Windows\system32\drivers\NRKCTL32.sys  (File not found)
"pcidrv" (pcidrv) - ? - C:\Program Files\uICE\devices\pcidrv.sys  (File not found)
"pwldrpod" (pwldrpod) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{68751EAA-C2BD-4319-A9E1-58D40ACFA03C} "OracleIRM.ShellExtension.InfotipExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{1E98CD8D-6AE0-47E1-99F7-B6BD24E61AAA} "OracleIRM.ShellExtension.PropertySheetExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{237013E6-C476-4D56-ABB6-40FC3412A78D} "OracleIRM.ShellExtension.ShortcutMenuExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Xxx Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Apple_KbdMgr" - "Apple Inc." - C:\Program Files\Boot Camp\Bootcamp.exe
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Pharos Systems Popup Port Monitor" - "Pharos Systems International" - C:\Windows\system32\PSR38A0E.DLL
"SealPrintMonitor" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Apple OS Switch Manager" (AppleOSSMgr) - ? - C:\Windows\system32\AppleOSSMgr.exe
"Apple-Time-Server" (AppleTimeSrv) - "Apple Inc." - C:\Windows\system32\AppleTimeSrv.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Oracle IRM Desktop Service Host" (OracleIRMServiceHost) - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe
"Pharos Systems ComTaskMaster" (Pharos Systems ComTaskMaster) - "Pharos Systems International" - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Samsung Drive Manager Service" (SZDrvSvc) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-13 22:44:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA02 rev.FBEAC50F
Running: ub69lq4x.exe; Driver: C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                          83290369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                832C9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\drivers\awjqyoqt.sys                                                                                                          Das System kann den angegebenen Pfad nicht finden. !
PAGE            peauth.sys                                                                                                                            9D61EB9B 9 Bytes  JMP B9BDA47F
?              C:\Windows\system32\Drivers\mchInjDrv.sys                                                                                              Das System kann die angegebene Datei nicht finden. !
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                            Das System kann die angegebene Datei nicht finden. !
?              C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys                                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtClose                                                                                771D54C8 5 Bytes  JMP 020586E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtMapViewOfSection                                                                    771D5C28 5 Bytes  JMP 0205B280 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtQueryDirectoryFile                                                                  771D5F98 5 Bytes  JMP 02056550 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileW                                                                          76AF6AF7 5 Bytes  JMP 02059A80 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntW                                                              76AF7ACD 5 Bytes  JMP 02059070 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FlushFileBuffers                                                                    76AF84E7 5 Bytes  JMP 02058D30 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFileTime                                                                        76AFC3E2 5 Bytes  JMP 02059630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntA                                                              76AFDFE8 5 Bytes  JMP 02058FB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hread                                                                              76AFFAB0 5 Bytes  JMP 0205A630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_llseek                                                                            76AFFADE 5 Bytes  JMP 0205A750 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSize                                                                        76B00823 5 Bytes  JMP 02058EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileMappingW                                                                  76B0120C 5 Bytes  JMP 0205AEA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileW                                                                        76B016EF 5 Bytes  JMP 0205A520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileTime                                                                        76B016FC 5 Bytes  JMP 02059530 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetEndOfFile                                                                        76B02BA5 5 Bytes  JMP 02059260 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesExW                                                                76B0307E 5 Bytes  JMP 02059450 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileA                                                                        76B04382 5 Bytes  JMP 0205A410 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileExW                                                                        76B08DB0 5 Bytes  JMP 0205A0E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSizeEx                                                                      76B099B1 5 Bytes  JMP 02059190 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileW                                                                      76B09B4E 5 Bytes  JMP 0205ABB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReadFile                                                                            76B09B66 5 Bytes  JMP 02058860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileA                                                                      76B0A611 5 Bytes  JMP 0205AB50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileA                                                                      76B0BF53 5 Bytes  JMP 0205A7D0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DuplicateHandle                                                                    76B0D888 5 Bytes  JMP 0205AD50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileW                                                                        76B0E8A5 5 Bytes  JMP 020582A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileA                                                                        76B0EA61 5 Bytes  JMP 02057EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFilePointer                                                                      76B1060D 5 Bytes  JMP 02058D90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileW                                                                      76B1404C 5 Bytes  JMP 0205A900 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesW                                                                  76B14C14 5 Bytes  JMP 020593E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindClose                                                                          76B14C24 5 Bytes  JMP 0205AAF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!OpenFileMappingW                                                                    76B150EA 5 Bytes  JMP 0205B160 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!WriteFile                                                                          76B153EE 5 Bytes  JMP 02058AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileType                                                                        76B16AB4 5 Bytes  JMP 02059730 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileExW                                                                    76B16BD6 5 Bytes  JMP 0205A9F0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesA                                                                  76B16C06 5 Bytes  JMP 02059370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReplaceFile                                                                        76B21708 5 Bytes  JMP 0205A310 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileA                                                                          76B26D5A 5 Bytes  JMP 020598A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileW                                                                          76B26ED6 5 Bytes  JMP 02059E90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!UnlockFile                                                                          76B27B2B 5 Bytes  JMP 02059820 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!LockFile                                                                            76B27B43 5 Bytes  JMP 020597A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetShortPathNameA                                                                  76B29CEE 5 Bytes  JMP 0205AC10 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileA                                                                          76B4BF49 5 Bytes  JMP 02059C60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hwrite                                                                            76B4D505 5 Bytes  JMP 0205A6C0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDCEx                                                                              757A2D57 5 Bytes  JMP 02056AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetWindowDC                                                                          757A4AB7 5 Bytes  JMP 02056B40 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC                                                                            757A5421 3 Bytes  JMP 02057180 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC + 4                                                                        757A5425 1 Byte  [8C]
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDC                                                                                757A544C 5 Bytes  JMP 02056A60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] USER32.dll!PrintWindow                                                                          757F4D87 5 Bytes  JMP 02057340 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!DeleteDC                                                                              75866EAA 5 Bytes  JMP 02057200 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!BitBlt                                                                                758672C0 5 Bytes  JMP 02056BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetPixel                                                                              7586C3D5 5 Bytes  JMP 02056D50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCA                                                                              7586CCA9 5 Bytes  JMP 020566A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCW                                                                              7586CF79 5 Bytes  JMP 02056880 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StretchBlt                                                                            7586F467 5 Bytes  JMP 02056FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileW                                                                          75871260 5 Bytes  JMP 02057860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileW                                                                        75871341 5 Bytes  JMP 02057980 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileW                                                                          7587456F 5 Bytes  JMP 02057AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileA                                                                          75893CD5 5 Bytes  JMP 02057400 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileA                                                                          758947C6 5 Bytes  JMP 02057640 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocW                                                                              75895BB0 5 Bytes  JMP 0205D440 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocA                                                                              758960E1 5 Bytes  JMP 0205D360 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyEnhMetaFileW                                                                      7589D651 5 Bytes  JMP 02057CB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileA                                                                        7589D758 5 Bytes  JMP 02057520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ole32.dll!CoInitializeEx                                                                        756609AD 5 Bytes  JMP 0205D690 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Windows\System32\spoolsv.exe[1904] ole32.dll!DoDragDrop                                                                            7572A827 5 Bytes  JMP 0205B370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongA                                                  75798BA3 5 Bytes  JMP 5C1701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongW                                                  757A4449 5 Bytes  JMP 5C170135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!GetWindowInfo                                                  757A4B5E 5 Bytes  JMP 5BF00924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!TrackPopupMenu                                                  757B2228 5 Bytes  JMP 5BF00ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6788] ntdll.dll!LdrLoadDll                                                                771F223E 5 Bytes  JMP 5BD85B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[6788] USER32.dll!GetWindowInfo                                                            757A4B5E 5 Bytes  JMP 5BF0802D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000058                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000085                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000087                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0023125dfba3                                                           
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0023125dfba3 (not active ControlSet)                                       

---- Files - GMER 1.0.15 ----

File            C:\Users\Xxx\AppData\Local\temp\fla45F5.tmp                                                                                      7063172 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e                          0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll            1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229                          0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll            1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe                  3957616 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe                  3902320 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys        177152 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys        178176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys        183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys        183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll  129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys                        2341376 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll                  1074176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys                        2350592 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll                  1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe                  3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe                  3915632 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll        152064 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe                  3968368 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe                  3913584 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe                  3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe                  3916656 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys                        2343424 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a                                  0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys                        2351104 bytes executable

---- EOF - GMER 1.0.15 ----

Best regards, Klecks

Klecks1988 14.03.2012 07:52

Unfortunately, aswMBR keeps crashing.

cosinus 14.03.2012 15:18

Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Klecks1988 14.03.2012 18:09

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 17:51:03
-----------------------------
17:51:03.429    OS Version: Windows 6.1.7601 Service Pack 1
17:51:03.429    Number of processors: 2 586 0x1706
17:51:03.433    ComputerName: XXX-PC  UserName:
17:51:06.462    Initialize success*
17:51:12.302    AVAST engine defs: 12031300
17:51:34.570    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:51:34.572    Disk 0 Vendor: Hitachi_HTS543225L9SA02 FBEAC50F Size: 238475MB BusType: 3
17:51:34.670    Disk 0 MBR read successfully
17:51:34.672    Disk 0 MBR scan
17:51:34.761    Disk 0 Windows 7 default MBR code
17:51:34.776    Disk 0 Partition 1 00    EE          GPT              200 MB offset 1
17:51:34.999    Disk 0 Partition 2 00    AF  HFS / HFS+            122880 MB offset 409640
17:51:35.073    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      115266 MB offset 252332032
17:51:35.114    Disk 0 scanning sectors +488396800
17:51:35.267    Disk 0 scanning C:\Windows\system32\drivers
17:52:16.872    Service scanning
17:53:22.141    Modules scanning
17:54:34.778    Disk 0 trace - called modules:
17:54:34.798    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:54:34.798    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865bc210]
17:54:34.798    3 CLASSPNP.SYS[8b47059e] -> nt!IofCallDriver -> [0x86144918]
17:54:34.798    5 ACPI.sys[8ac8f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86101030]
17:54:34.798    Scan finished successfully
17:57:00.609    Disk 0 MBR has been saved successfully to "C:\Users\Xxxxxx\Documents\MBR.dat"
17:57:00.615    The log file has been saved successfully to "C:\Users\Xxxxxx\Documents\aswMBR.txt"

Can you already say how likely it is that there is still malware on my computer?

cosinus 14.03.2012 18:31

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Klecks1988 14.03.2012 20:32

Hi Arne,

I'm running both programs right now. Gdata just showed the following message.
"Die Datei wurde gelöscht.

Datei: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
Virus: Java:ClassLoader-U [Trj] (Engine B)"

cosinus 14.03.2012 21:44

Quote:

Datei: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
One could well come up with the idea oneself of clearing the Java cache when one sees this folder :pfeiff:

Empty this folder => C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache

Klecks1988 14.03.2012 22:54

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/14/2012 at 10:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8335
Trace Rules Database Version: 6147

Scan type      : Complete Scan
Total Scan Time : 03:29:56

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 1046
Memory threats detected  : 0
Registry items scanned    : 37805
Registry threats detected : 0
File items scanned        : 50398
File threats detected    : 203

Adware.Tracking Cookie
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\5XEGG0FA.txt [ /doubleclick.net ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\Y5TGY90R.txt [ /ad.yieldmanager.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\37YUNF1M.txt [ /ar.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\FOF88BDC.txt [ /ru4.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\OPSE4XR6.txt [ /tacoda.at.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\68JI3B0C.txt [ /atdmt.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\PTG52TYY.txt [ /at.atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\LXYHKM57.txt [ /media6degrees.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\8EHB2CEN.txt [ /lucidmedia.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\QTCNNA6A.txt [ /advertising.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\BRSRR0EG.txt [ /c.atdmt.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\P3UHSQIM.txt [ /atwola.com ]
        C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Cookies\0Y7CE0EH.txt [ /adbrite.com ]
        C:\USERS\XXX\AppData\Roaming\Microsoft\Windows\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ]
        C:\USERS\XXX\Cookies\Y5TGY90R.txt [ Cookie:xxx@ad.yieldmanager.com/ ]
        C:\USERS\XXX\Cookies\FOF88BDC.txt [ Cookie:xxx@ru4.com/ ]
        C:\USERS\XXX\Cookies\OPSE4XR6.txt [ Cookie:xxx@tacoda.at.atwola.com/ ]
        C:\USERS\XXX\Cookies\PTG52TYY.txt [ Cookie:xxx@at.atwola.com/ ]
        C:\USERS\XXX\Cookies\LXYHKM57.txt [ Cookie:xxx@media6degrees.com/ ]
        C:\USERS\XXX\Cookies\8EHB2CEN.txt [ Cookie:xxx@lucidmedia.com/ ]
        C:\USERS\XXX\Cookies\RID2HJXF.txt [ Cookie:xxx@adsonar.com/adserving ]
        C:\USERS\XXX\Cookies\QTCNNA6A.txt [ Cookie:xxx@advertising.com/ ]
        C:\USERS\XXX\Cookies\BRSRR0EG.txt [ Cookie:xxx@c.atdmt.com/ ]
        C:\USERS\XXX\Cookies\P3UHSQIM.txt [ Cookie:xxx@atwola.com/ ]
        files.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ]
        stat.easydate.biz [ C:\USERS\XXX\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\VNVTNDA3 ]
        es.sitestat.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .static.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        in.getclicky.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        7.rotator.wigetmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .www.burstnet.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .2o7.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .kontera.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .collective-media.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .legolas-media.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ikea.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adxvalue.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ads.crakmedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        rts.pgmediaserve.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .es.partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .partypoker.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .youporn.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zedo.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad1.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .clickfuse.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .exoclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .sexad.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ads.trafficjunky.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        media.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLACONTROL\PROFILES\MOZILLACONTROL\E70WPKA8.SLT\COOKIES.TXT ]


