Log analysis and evaluation: Trojan found (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

11.03.2012, 17:49   #16
Klecks1988
 
CC Cleaner log scan

Code:
Logfile vom Scan via 7-Zip 9.20		08.03.2012		
Adobe AIR	Adobe Systems Inc.	01.03.2012		2.5.1.17730
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	01.03.2012	6,00MB	10.1.53.64
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	08.03.2012	6,00MB	11.1.102.63
Adobe Reader 9.5.0 - Deutsch	Adobe Systems Incorporated	30.01.2012	118,3MB	9.5.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	01.03.2012		11.5.9.620
Apple Application Support	Apple Inc.	08.03.2012	61,0MB	2.1.7
Apple Mobile Device Support	Apple Inc.	08.03.2012	24,2MB	5.1.1.4
Apple Software Update	Apple Inc.	17.07.2011	2,38MB	2.1.3.127
BeCyPDFMetaEdit	Benjamin Bentmann	01.03.2012		2.37.0
Bonjour	Apple Inc.	19.10.2011	1,02MB	3.0.0.10
Boot Camp-Dienste	Apple Inc.	30.08.2011	193,9MB	3.3.2921
CCleaner	Piriform	10.03.2012		3.16
DivX-Setup	DivX, Inc. 	01.03.2012		1.0.2.23
DoremiSoft AVI to MP4 Converter 1.0	DoremiSoft, Inc.	01.03.2012		1.0
Driver Detective	PC Drivers HeadQuarters	17.07.2010	9,95MB	8.0.1
DriverAgent by eSupport.com		01.03.2012		
EA Download Manager UI	Electronic Arts	01.03.2012		6.0.4.10
ESET Online Scanner v3		04.03.2012		
EventGhost 0.3.7.r1462	EventGhost Project	25.06.2010		0.3.7.r1462
EVEREST Home Edition v2.20	Lavalys Inc	01.03.2012		2.20
Facebook Video Calling 1.1.1.1	Skype Limited	21.02.2012	3,93MB	1.1.1
Fraps		01.03.2012		
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	21.07.2010	8,08MB	
Free Audio Converter version 2.2.9	DVDVideoSoft Limited.	21.11.2010	25,6MB	
Free YouTube Download 2.10	DVDVideoSoft Limited.	21.11.2010	26,1MB	
Free YouTube to MP3 Converter version 3.7	DVDVideoSoft Limited.	21.07.2010	32,0MB	
G Data InternetSecurity 2011	G Data Software AG	28.01.2011	69,7MB	21.0.0.0
Game Booster	IObit	16.07.2010	3,18MB	1.5.0.96
Garmin Training Center	Garmin Ltd or its subsidiaries	30.06.2010	43,6MB	3.4.5
Garmin USB Drivers	Garmin Ltd or its subsidiaries	30.06.2010	0,12MB	2.3.0.0
GMATPrep(TM)	Graduate Management Admission Council ®	02.10.2011		2.3.601.409
Google Earth	Google	24.11.2011	92,7MB	6.1.0.5001
iCloud	Apple Inc.	08.03.2012	24,3MB	1.1.0.40
ICQ 7.2 Build #3129 Banner Remover 1.0	murb.com	16.07.2010	1,02MB	
ICQ7.2	ICQ	16.12.2010		7.2
Intel(R) Programm für Prozessor-IDs	Intel Corporation	16.07.2010	3,97MB	4.22.0000
iTunes	Apple Inc.	08.03.2012	157,4MB	10.6.0.40
Java(TM) 6 Update 27	Oracle	19.09.2011	95,0MB	6.0.270
Logitech SetPoint 6.32	Logitech	01.03.2012	39,1MB	6.32.20
Malwarebytes Anti-Malware Version 1.60.1.1000	Malwarebytes Corporation	01.03.2012	17,3MB	1.60.1.1000
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	01.03.2012	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	01.03.2012	2,94MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	15.09.2011	7,95MB	14.0.5130.5003
Microsoft Office Standard 2007	Microsoft Corporation	07.03.2012		12.0.6612.1000
Microsoft Project Professional 2010	Microsoft Corporation	01.03.2012		14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	15.02.2012	40,5MB	4.1.10111.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	18.08.2010	0,20MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	04.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	14.08.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	22.06.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	13.11.2011	15,0MB	10.0.40219
MobileMe Control Panel	Apple Inc.	26.10.2011	12,9MB	3.1.8.0
Mozilla Firefox 10.0.2 (x86 de)	Mozilla	01.03.2012	43,0MB	10.0.2
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.06.2010	35,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.06.2010	1,33MB	4.20.9876.0
MyTomTom 3.1.0.530	TomTom	01.03.2012		3.1.0.530
NVIDIA 3D Vision Treiber 285.62	NVIDIA Corporation	11.11.2011		285.62
NVIDIA Display Control Panel	NVIDIA Corporation	01.03.2012		6.14.12.5721
NVIDIA Drivers	NVIDIA Corporation	01.03.2012	67,5MB	1.10.61.39
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	11.11.2011		285.62
NVIDIA PhysX-Systemsoftware 9.11.0621	NVIDIA Corporation	11.11.2011		9.11.0621
NVIDIA Update 1.5.20	NVIDIA Corporation	11.11.2011		1.5.20
Octoshape add-in for Adobe Flash Player		07.08.2010		
Octoshape Streaming Services		18.08.2010		
Oracle IRM Desktop	Oracle Corporation	04.03.2012	23,2MB	11.1.54.2
PASW Statistics 18	SPSS Inc.	03.12.2010	600MB	18.0.0
PDFCreator	Frank Heindörfer, Philip Chinery	06.03.2012		1.2.3
pdfsam		19.09.2011		2.2.1
Pharos		01.03.2012		
PunkBuster for Joint Operations: Typhoon Rising		01.03.2012		1.00.0000
PunkBuster Services	Even Balance, Inc.	01.03.2012		0.988
QuickTime	Apple Inc.	26.10.2011	73,3MB	7.71.80.42
RealPlayer	RealNetworks	01.03.2012		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.08.2010		6.0.1.5936
Safari	Apple Inc.	14.12.2011	43,3MB	5.34.52.7
Samsung Drive Manager	Clarus	05.01.2012		1.0.140
SAMSUNG Mobile Composite Device Software		01.03.2012		
SAMSUNG Mobile Modem Driver Set		01.03.2012		
Samsung Mobile phone USB driver Drive Software		01.03.2012		
SAMSUNG Mobile USB Modem 1.0 Software		01.03.2012		
SAMSUNG Mobile USB Modem Software		01.03.2012		
Samsung PC Studio 3	Samsung Electronics Co., Ltd.	19.06.2010		3.2.2.80601
Shape Collage	Shape Collage Inc.	01.03.2012		
SharpKeys	RandyRants.com	02.09.2010	88,00KB	2.1.1000
Skype Click to Call	Skype Technologies S.A.	03.03.2012	14,4MB	5.9.9216
Skype™ 5.8	Skype Technologies S.A.	05.03.2012	19,0MB	5.8.158
SpeedFan (remove only)		01.03.2012		
Steam	Valve Corporation	11.11.2011	35,5MB	1.0.0.0
System Requirements Lab		01.03.2012		
TeamSpeak 3 Client	TeamSpeak Systems GmbH	01.03.2012		
The Elder Scrolls V: Skyrim	Bethesda Game Studios	01.03.2012		
Trojan Remover 6.8.3	Simply Super Software	01.03.2012	16,3MB	6.8.3
Veetle TV 0.9.18	Veetle, Inc	01.03.2012		0.9.18
Visual Studio C++ 10.0 Runtime	TomTom International B.V.	28.01.2012	8,00KB	10.0.0
VLC media player 1.1.4	VideoLAN	01.03.2012		1.1.4
Winamp	Nullsoft, Inc	01.03.2012		5.621 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	15.09.2011	75,00KB	1.0.0.1
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)	Garmin	01.03.2012		06/03/2009 2.3.0.0
Windows Media Player Firefox Plugin	Microsoft Corp	15.06.2010	0,29MB	1.0.0.8
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)	Apple Inc.	01.03.2012		01/11/2008 3.4.3.18
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.8.3.10)	Apple Inc.	01.03.2012		02/01/2008 3.8.3.10
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)	Apple Inc.	01.03.2012		06/27/2007 2.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1)	Apple Inc.	01.03.2012		04/27/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)	Apple Inc.	01.03.2012		11/23/2009 3.1.0.1
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)	Apple Inc.	01.03.2012		10/25/2007 2.0.1.0
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)	Apple Inc.	01.03.2012		01/23/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)	Apple Inc.	01.03.2012		02/21/2008 2.0.4.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)	Apple Inc.	01.03.2012		04/06/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)	Apple Inc.	01.03.2012		05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)	Apple Inc.	01.03.2012		03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)	Apple Inc.	01.03.2012		05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)	Apple Inc.	01.03.2012		09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1)	Apple Inc.	01.03.2012		10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)	Apple Inc.	01.03.2012		03/25/2009 2.1.2.112
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)	Apple Inc.	01.03.2012		05/05/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)	Apple Inc.	01.03.2012		09/10/2009 3.0.0.0
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1)	Apple Inc.	01.03.2012		10/05/2010 3.2.0.1
Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)	Apple Inc.	01.03.2012		01/17/2008 2.0.2.2
Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)	Apple Inc.	01.03.2012		05/17/2010 3.1.0.0
Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)	Apple Inc.	01.03.2012		04/05/2011 3.2.0.8
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)	Apple Inc.	01.03.2012		07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)	Apple Inc.	01.03.2012		07/13/2009 3.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)	Apple Inc.	01.03.2012		06/01/2011 4.0.0.1
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)	Apple Inc.	01.03.2012		11/30/2009 3.0.0.6
Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7)	Apple Inc.	01.03.2012		08/24/2010 3.1.0.7
Windows-Treiberpaket - Apple Inc. Bluetooth  (11/23/2009 3.0.0.4)	Apple Inc.	01.03.2012		11/23/2009 3.0.0.4
Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)	Apple Inc.	01.03.2012		08/22/2008 2.1.1.1
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)	Atheros Communications Inc.	01.03.2012		11/18/2009 8.0.0.258
Windows-Treiberpaket - Broadcom (b57nd60x) Net  (05/28/2009 12.2.0.3)	Broadcom	01.03.2012		05/28/2009 12.2.0.3
Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)	Broadcom	01.03.2012		08/21/2009 5.60.18.8
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)	Cirrus Logic, Inc.	01.03.2012		01/02/2010 6.6001.1.21
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (08/16/2010 6.6001.1.26)	Cirrus Logic, Inc.	01.03.2012		08/16/2010 6.6001.1.26
Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)	Intel	01.03.2012		02/06/2008 9.12.17.0
Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)	Intel	01.03.2012		01/08/2008 8.3.9.0
Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)	Intel	01.03.2012		07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)	Intel	01.03.2012		08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)	Intel	01.03.2012		07/16/2008 9.52.10.0
Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)	Intel	01.03.2012		02/06/2008 9.12.18.0
Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)	Intel	01.03.2012		06/13/2008 9.52.9.0
Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)	Intel	01.03.2012		07/22/2008 10.3.45.0
Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)	Intel	01.03.2012		08/05/2008 10.3.49.0
Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)	Intel	01.03.2012		11/07/2007 8.10.1.0
Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)	Intel	01.03.2012		07/20/2007 1.2.76.0
Windows-Treiberpaket - Marvell (yukonwlh) Net  (03/23/2007 10.12.7.3)	Marvell	01.03.2012		03/23/2007 10.12.7.3
WinRAR		01.03.2012		
Xvid 1.2.2 final uninstall	Xvid team (Koepi)	01.03.2012		1.2
         
I hope my approach is correct. Please let me know if I should proceed differently in the future!! Many thanks

11.03.2012, 21:09   #17
Klecks1988
 
My Malwarebytes scan log
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.11.08

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Xxxander :: XXX-PC [Administrator]

Schutz: Deaktiviert

11.03.2012 17:58:33
mbam-log-2012-03-11 (17-58-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328932
Laufzeit: 1 Stunde(n), 10 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|55639 (Spyware.Zeus) -> Daten: C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Local Settings\Temp\msbufn.cmd (Spyware.Zeus) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
SuperAntispyware Scan:
Code:
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/11/2012 at 06:14 PM

Application Version : 5.0.1146

Core Rules Database Version : 8324
Trace Rules Database Version: 6136

Scan type       : Quick Scan
Total Scan Time : 00:23:30

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 505
Memory threats detected   : 0
Registry items scanned    : 27820
Registry threats detected : 0
File items scanned        : 14680
File threats detected     : 3

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\XXXXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
         

12.03.2012, 15:14   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
What is this about? Why are you posting logs that I didn't request?? You were supposed to post ONLY the CF log for now!

13.03.2012, 07:29   #19
Klecks1988
 
Quote from cosinus:
What is this about? Why are you posting logs that I didn't request?? You were supposed to post ONLY the CF log for now!

Sorry for my incorrect approach. Attached is the log from Combo Fix

Code:
ComboFix 12-03-10.02 - Xxx 13.03.2012   2:14.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2792.1868 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Xxx\AppData\Roaming\froot
c:\windows\system32\~.inf
c:\windows\system32\odbcad32.exe
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 06:20 . 2012-03-13 06:21	--------	d-----w-	c:\users\Xxx\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 06:20 . 2012-03-13 06:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56	2512121	----a-w-	c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50	--------	d-----w-	c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40	--------	d-----w-	c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17	--------	d-----w-	c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16	--------	d-----w-	c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02	--------	d-----w-	C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49	--------	d-----w-	c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09	--------	d-----w-	c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11	--------	d-----w-	c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36	--------	d-----w-	c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35	--------	d-----w-	c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35	--------	d-----w-	c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22	--------	d-----w-	c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56	--------	d-----w-	c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04	--------	d-----w-	c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52	--------	d-----w-	c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00	--------	d-----w-	c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24	10240	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24	--------	d-----w-	c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24	--------	d-----w-	c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21	53248	----a-r-	c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40	1387288	----a-w-	c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24	137536	----atw-	c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37	661888	----a-w-	c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53	460872	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02	435672	----a-w-	c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44	70936	----a-w-	c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04	7739936	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39	5797496	----a-w-	c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55	17148552	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24	1242448	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40	273528	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53	1238800	----a-w-	c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
MSConfigStartUp-UIExec - c:\program files\T-Mobile Internet Manager 03\UIExec.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Xxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
   de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  07:25:00
ComboFix-quarantined-files.txt  2012-03-13 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 28.978.814.976 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.981.110.784 Bytes frei
.
- - End Of File - - A5F8B2C9A3A013B6726716C6B6EA2D95
         
Best regards,
Klecks

Alt 13.03.2012, 16:59   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
File::
c:\windows\system32\~.tmp
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________
Please always post log files in CODE tags

Alt 13.03.2012, 19:34   #21
Klecks1988
 

Hi Arne,

here is the new ComboFix log. (There was no prompt regarding a restart.)

Combofix log file:
Code:
ATTFilter
ComboFix 12-03-10.02 - Xxx 13.03.2012  18:41:07.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2792.1393 [GMT 1:00]
ausgeführt von:: c:\users\Xxx\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Xxx\Downloads\CFScript.txt
AV: G Data InternetSecurity 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
SP: G Data InternetSecurity 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\~.tmp"
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-13 bis 2012-03-13  ))))))))))))))))))))))))))))))
.
.
2012-03-13 17:54 . 2012-03-13 17:54	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 17:54 . 2012-03-13 17:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-13 06:25 . 2012-03-13 17:54	--------	d-----w-	c:\users\Xxx\AppData\Local\temp
2012-03-12 20:46 . 2012-03-12 20:56	2512121	----a-w-	c:\windows\system32\~.tmp
2012-03-11 16:50 . 2012-03-11 16:50	--------	d-----w-	c:\users\Xxx\AppData\Roaming\SUPERAntiSpyware.com
2012-03-11 16:49 . 2012-03-11 16:50	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-03-11 16:49 . 2012-03-11 16:49	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-03-11 16:40 . 2012-03-11 16:40	--------	d-----w-	c:\program files\CCleaner
2012-03-11 15:16 . 2012-03-11 15:17	--------	d-----w-	c:\users\Xxx\AppData\Roaming\kodak
2012-03-11 15:16 . 2012-03-13 03:51	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\offreg.dll
2012-03-11 15:16 . 2012-03-11 15:16	--------	d-----w-	c:\programdata\Local Settings
2012-03-09 15:02 . 2012-03-09 15:02	--------	d-----w-	C:\_OTL
2012-03-09 14:29 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF6C6C44-4126-428E-96EB-699673FDA754}\mpengine.dll
2012-03-09 00:49 . 2012-03-09 00:49	--------	d-----w-	c:\program files\7-Zip
2012-03-09 00:09 . 2012-03-09 00:09	--------	d-----w-	c:\program files\iPod
2012-03-09 00:09 . 2012-03-09 00:11	--------	d-----w-	c:\program files\iTunes
2012-03-07 01:36 . 2001-10-28 16:42	116224	----a-w-	c:\windows\system32\pdfcmnnt.dll
2012-03-07 01:36 . 1998-06-24 00:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2012-03-07 01:36 . 1998-07-06 17:56	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2012-03-07 01:36 . 1998-07-06 17:55	158208	----a-w-	c:\windows\system32\MSCMCDE.DLL
2012-03-07 01:36 . 1998-07-06 17:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2012-03-07 01:36 . 1998-07-06 00:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2012-03-07 01:36 . 2012-03-07 01:36	--------	d-----w-	c:\program files\PDFCreator
2012-03-05 20:48 . 2012-03-05 20:48	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Oracle
2012-03-05 20:35 . 2012-03-05 20:35	--------	d-----w-	c:\program files\Oracle
2012-03-05 20:35 . 2012-03-05 20:35	--------	d-----w-	c:\programdata\Oracle
2012-03-05 20:22 . 2012-03-05 20:22	--------	d-----w-	c:\program files\ESET
2012-03-04 15:56 . 2012-03-04 15:56	--------	d-----w-	c:\program files\Common Files\Skype
2012-03-02 00:52 . 2006-06-19 12:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2012-03-02 00:52 . 2006-05-25 14:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2012-03-02 00:52 . 2005-08-26 00:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2012-03-02 00:52 . 2002-03-06 00:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2012-03-02 00:52 . 2003-02-02 19:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2012-03-02 00:52 . 2012-03-02 07:04	--------	d-----w-	c:\program files\Trojan Remover
2012-03-02 00:52 . 2012-03-02 00:52	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Simply Super Software
2012-03-02 00:52 . 2012-03-02 00:52	--------	d-----w-	c:\programdata\Simply Super Software
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\users\Xxx\AppData\Roaming\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-02 00:45 . 2012-03-02 00:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-02 00:45 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-22 17:00 . 2012-02-22 17:00	--------	d-----w-	c:\programdata\Xerox
2012-02-22 17:00 . 2011-06-16 09:24	10240	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\x5print.dll
2012-02-21 23:24 . 2012-02-21 23:24	--------	d-----w-	c:\users\Xxx\AppData\Roaming\NVIDIA
2012-02-21 23:24 . 2012-02-21 23:24	--------	d-----w-	c:\users\Xxx\AppData\Local\Facebook
2012-02-15 11:38 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 11:22 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 11:21 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 11:21 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-09 14:27 . 2011-05-16 10:47	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-06-16 00:01	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-27 22:21 . 2011-12-27 22:21	53248	----a-r-	c:\users\Xxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-12-27 22:21 . 2011-12-27 22:21	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-02-18 14:12 . 2011-05-13 08:15	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-08-15 526208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-09 7739936]
"G Data AntiVirus Tray Application"="c:\program files\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2011-05-11 923144]
"GDFirewallTray"="c:\program files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2011-10-28 1617416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54	551296	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03	66328	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
backup=c:\windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-05 23:52	59240	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50	1144104	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40	1387288	----a-w-	c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-02-21 23:24	137536	----atw-	c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18	133432	----a-w-	c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IrmBackground.exe]
2011-12-13 14:37	661888	----a-w-	c:\program files\Oracle\Information Rights Management\Desktop\IrmBackground.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 18:05	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53	460872	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
2011-11-14 11:02	435672	----a-w-	c:\program files\MyTomTom 3\MyTomTomSA.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44	70936	----a-w-	c:\users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-09 15:04	7739936	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Drive Manager]
2011-05-26 13:39	5797496	----a-w-	c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 07:55	17148552	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-11-12 12:24	1242448	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-07 17:40	273528	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
2012-03-02 00:53	1238800	----a-w-	c:\program files\Trojan Remover\Trjscan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [2010-03-09 99640]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R2 OracleIRMServiceHost;Oracle IRM Desktop Service Host;c:\program files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe [2011-12-13 219536]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 SZDrvSvc;Samsung Drive Manager Service;c:\program files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [2011-05-26 19456]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-07-17 23456]
R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon32.sys [2011-09-11 29400]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 NRKCTL32;NRKCTL32; [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-21 1343400]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2011-11-04 40440]
S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2011-11-04 79992]
S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd32.sys [2011-11-04 54648]
S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2011-09-11 30256]
S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2011-11-04 41336]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-08-15 194432]
S2 AVKProxy;G Data AntiVirus Proxy;c:\program files\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-10-28 1506824]
S2 AVKService;G Data Scheduler;c:\program files\G Data\InternetSecurity\AVK\AVKService.exe [2011-03-04 381448]
S2 AVKWCtl;G Data Dateisystem Wächter;c:\program files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2011-10-28 1554184]
S2 inpout32;inpout32;c:\windows\system32\Drivers\inpout32.sys [2010-07-19 11936]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-08-15 15064]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2010-11-11 12928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-06-27 18944]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-01-31 10880]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-01-31 29824]
S3 GDFwSvc;G Data Personal Firewall;c:\program files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2011-08-10 1613424]
S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2011-09-11 49016]
S3 GDScan;G Data Scanner;c:\program files\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 457536]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2010-01-10 16512]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-06-02 26624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung Drive Manager\mdf16.sys [2011-03-11 18288]
S3 mvd23;mvd23;c:\program files\Clarus\Samsung Drive Manager\mvd23.sys [2011-05-19 90944]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job
- c:\users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-21 23:24]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 16:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
FF - ProfilePath - c:\users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\SecuROM\License information*]
"datasecu"=hex:6d,3a,85,2f,0e,f5,62,31,25,aa,87,9f,79,7a,6d,bf,ac,b7,ea,82,65,
   de,2e,bd,d1,5f,6f,39,cf,11,45,5e,ad,6a,8b,6d,55,8d,9b,4f,ed,1c,db,ab,41,2d,\
"rkeysecu"=hex:c5,98,fb,ac,ba,22,63,a6,7e,ff,8f,18,7d,3d,62,30
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-13  19:31:25
ComboFix-quarantined-files.txt  2012-03-13 18:31
ComboFix2.txt  2012-03-13 06:25
.
Vor Suchlauf: 16 Verzeichnis(se), 32.989.253.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 32.932.249.600 Bytes frei
.
- - End Of File - - 00E97E58E6439C771DD9AA353C3FFFDF
         
--- --- ---

Alt 13.03.2012, 20:09   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.

__________________
Please always post log files in CODE tags

Alt 13.03.2012, 22:47   #23
Klecks1988
 

Attached are the GMER and OSAM logs:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:45:54 on 13.03.2012

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job" - "Facebook Inc." - C:\Users\Xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"IrmControlPanel" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmControlPanel.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AppleHFS" (AppleHFS) - "Apple Inc." - C:\Windows\system32\drivers\AppleHFS.sys
"AppleMNT" (AppleMNT) - "Apple Inc." - C:\Windows\system32\drivers\AppleMNT.sys
"catchme" (catchme) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys  (File not found)
"DrvAgent32" (DrvAgent32) - "Phoenix Technologies" - C:\Windows\system32\Drivers\DrvAgent32.sys
"G Data Network Monitor" (GdNetMon) - "G Data Software AG" - C:\Windows\system32\drivers\GdNetMon32.sys
"G Data Rootkit Detector Driver" (GRD) - "G Data Software" - C:\Windows\system32\drivers\GRD.sys
"G DATA WFP CD" (gdwfpcd) - "G Data Software AG" - C:\Windows\System32\drivers\gdwfpcd32.sys
"GDBehave" (GDBehave) - "G Data Software AG" - C:\Windows\System32\drivers\GDBehave.sys
"GDMnIcpt" (GDMnIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\MiniIcpt.sys
"GDPkIcpt" (GDPkIcpt) - "G Data Software AG" - C:\Windows\system32\drivers\PktIcpt.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"inpout32" (inpout32) - "Highresolution Enterprises [www.highrez.co.uk]" - C:\Windows\System32\Drivers\inpout32.sys
"KeyAgent" (KeyAgent) - "Apple Inc." - C:\Windows\system32\drivers\KeyAgent.sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys
"Mac HAL" (MacHALDriver) - "Apple Inc." - C:\Windows\system32\drivers\MacHALDriver.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"mdf16" (mdf16) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys
"mvd23" (mvd23) - ? - C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys
"NRKCTL32" (NRKCTL32) - ? - C:\Windows\system32\drivers\NRKCTL32.sys  (File not found)
"pcidrv" (pcidrv) - ? - C:\Program Files\uICE\devices\pcidrv.sys  (File not found)
"pwldrpod" (pwldrpod) - ? - C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys  (Hidden registry entry, rootkit activity | File not found)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"speedfan" (speedfan) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\speedfan.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\Windows\system32\nv3dappshext.dll
{63EB391D-1797-461B-93C7-54D56FBC86FE} "OracleIRM.SearchShellExt" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmSearchWin2k.dll
{EFC1EE96-E077-4F9D-8AB2-531083179789} "OracleIRM.ShellExtension.ColumnExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{68751EAA-C2BD-4319-A9E1-58D40ACFA03C} "OracleIRM.ShellExtension.InfotipExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{1E98CD8D-6AE0-47E1-99F7-B6BD24E61AAA} "OracleIRM.ShellExtension.PropertySheetExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{237013E6-C476-4D56-ABB6-40FC3412A78D} "OracleIRM.ShellExtension.ShortcutMenuExt Class" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IrmDesktopSealer.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - C:\PROGRA~1\TROJAN~1\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Xxx Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} "G Data BankGuard" - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
{0124123D-61B4-456f-AF86-78C53A0790C5} "G Data WebFilter" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\WebFilter\AvkWebIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Apple_KbdMgr" - "Apple Inc." - C:\Program Files\Boot Camp\Bootcamp.exe
"G Data AntiVirus Tray Application" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
"GDFirewallTray" - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Pharos Systems Popup Port Monitor" - "Pharos Systems International" - C:\Windows\system32\PSR38A0E.DLL
"SealPrintMonitor" - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Apple OS Switch Manager" (AppleOSSMgr) - ? - C:\Windows\system32\AppleOSSMgr.exe
"Apple-Time-Server" (AppleTimeSrv) - "Apple Inc." - C:\Windows\system32\AppleTimeSrv.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"G Data AntiVirus Proxy" (AVKProxy) - "G Data Software AG" - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
"G Data Dateisystem Wächter" (AVKWCtl) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
"G Data Personal Firewall" (GDFwSvc) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
"G Data Scanner" (GDScan) - "G Data Software AG" - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
"G Data Scheduler" (AVKService) - "G Data Software AG" - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Oracle IRM Desktop Service Host" (OracleIRMServiceHost) - "Oracle Corporation" - C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe
"Pharos Systems ComTaskMaster" (Pharos Systems ComTaskMaster) - "Pharos Systems International" - C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Samsung Drive Manager Service" (SZDrvSvc) - "Clarus, Inc." - C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
"LBTWlgn" - "Logitech, Inc." - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-13 22:44:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA02 rev.FBEAC50F
Running: ub69lq4x.exe; Driver: C:\Users\XXXAN~1\AppData\Local\Temp\pwldrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                                          83290369 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                 832C9D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\drivers\awjqyoqt.sys                                                                                                          Das System kann den angegebenen Pfad nicht finden. !
PAGE            peauth.sys                                                                                                                             9D61EB9B 9 Bytes  JMP B9BDA47F 
?               C:\Windows\system32\Drivers\mchInjDrv.sys                                                                                              Das System kann die angegebene Datei nicht finden. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                             Das System kann die angegebene Datei nicht finden. !
?               C:\Users\XXXAN~1\AppData\Local\Temp\catchme.sys                                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtClose                                                                                771D54C8 5 Bytes  JMP 020586E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtMapViewOfSection                                                                     771D5C28 5 Bytes  JMP 0205B280 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] ntdll.dll!NtQueryDirectoryFile                                                                   771D5F98 5 Bytes  JMP 02056550 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileW                                                                           76AF6AF7 5 Bytes  JMP 02059A80 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntW                                                               76AF7ACD 5 Bytes  JMP 02059070 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FlushFileBuffers                                                                    76AF84E7 5 Bytes  JMP 02058D30 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFileTime                                                                         76AFC3E2 5 Bytes  JMP 02059630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetPrivateProfileIntA                                                               76AFDFE8 5 Bytes  JMP 02058FB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hread                                                                              76AFFAB0 5 Bytes  JMP 0205A630 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_llseek                                                                             76AFFADE 5 Bytes  JMP 0205A750 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSize                                                                         76B00823 5 Bytes  JMP 02058EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileMappingW                                                                  76B0120C 5 Bytes  JMP 0205AEA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileW                                                                         76B016EF 5 Bytes  JMP 0205A520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileTime                                                                         76B016FC 5 Bytes  JMP 02059530 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetEndOfFile                                                                        76B02BA5 5 Bytes  JMP 02059260 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesExW                                                                76B0307E 5 Bytes  JMP 02059450 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DeleteFileA                                                                         76B04382 5 Bytes  JMP 0205A410 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileExW                                                                         76B08DB0 5 Bytes  JMP 0205A0E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileSizeEx                                                                       76B099B1 5 Bytes  JMP 02059190 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileW                                                                       76B09B4E 5 Bytes  JMP 0205ABB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReadFile                                                                            76B09B66 5 Bytes  JMP 02058860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindNextFileA                                                                       76B0A611 5 Bytes  JMP 0205AB50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileA                                                                      76B0BF53 5 Bytes  JMP 0205A7D0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!DuplicateHandle                                                                     76B0D888 5 Bytes  JMP 0205AD50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileW                                                                         76B0E8A5 5 Bytes  JMP 020582A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CreateFileA                                                                         76B0EA61 5 Bytes  JMP 02057EC0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!SetFilePointer                                                                      76B1060D 5 Bytes  JMP 02058D90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileW                                                                      76B1404C 5 Bytes  JMP 0205A900 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesW                                                                  76B14C14 5 Bytes  JMP 020593E0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindClose                                                                           76B14C24 5 Bytes  JMP 0205AAF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!OpenFileMappingW                                                                    76B150EA 5 Bytes  JMP 0205B160 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!WriteFile                                                                           76B153EE 5 Bytes  JMP 02058AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileType                                                                         76B16AB4 5 Bytes  JMP 02059730 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!FindFirstFileExW                                                                    76B16BD6 5 Bytes  JMP 0205A9F0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetFileAttributesA                                                                  76B16C06 5 Bytes  JMP 02059370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!ReplaceFile                                                                         76B21708 5 Bytes  JMP 0205A310 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!CopyFileA                                                                           76B26D5A 5 Bytes  JMP 020598A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileW                                                                           76B26ED6 5 Bytes  JMP 02059E90 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!UnlockFile                                                                          76B27B2B 5 Bytes  JMP 02059820 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!LockFile                                                                            76B27B43 5 Bytes  JMP 020597A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!GetShortPathNameA                                                                   76B29CEE 5 Bytes  JMP 0205AC10 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!MoveFileA                                                                           76B4BF49 5 Bytes  JMP 02059C60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] kernel32.dll!_hwrite                                                                             76B4D505 5 Bytes  JMP 0205A6C0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDCEx                                                                               757A2D57 5 Bytes  JMP 02056AD0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetWindowDC                                                                           757A4AB7 5 Bytes  JMP 02056B40 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC                                                                             757A5421 3 Bytes  JMP 02057180 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!ReleaseDC + 4                                                                         757A5425 1 Byte  [8C]
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!GetDC                                                                                 757A544C 5 Bytes  JMP 02056A60 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] USER32.dll!PrintWindow                                                                           757F4D87 5 Bytes  JMP 02057340 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!DeleteDC                                                                               75866EAA 5 Bytes  JMP 02057200 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!BitBlt                                                                                 758672C0 5 Bytes  JMP 02056BB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetPixel                                                                               7586C3D5 5 Bytes  JMP 02056D50 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCA                                                                              7586CCA9 5 Bytes  JMP 020566A0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CreateDCW                                                                              7586CF79 5 Bytes  JMP 02056880 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StretchBlt                                                                             7586F467 5 Bytes  JMP 02056FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileW                                                                           75871260 5 Bytes  JMP 02057860 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileW                                                                        75871341 5 Bytes  JMP 02057980 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileW                                                                          7587456F 5 Bytes  JMP 02057AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetMetaFileA                                                                           75893CD5 5 Bytes  JMP 02057400 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyMetaFileA                                                                          758947C6 5 Bytes  JMP 02057640 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocW                                                                              75895BB0 5 Bytes  JMP 0205D440 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!StartDocA                                                                              758960E1 5 Bytes  JMP 0205D360 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!CopyEnhMetaFileW                                                                       7589D651 5 Bytes  JMP 02057CB0 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] GDI32.dll!GetEnhMetaFileA                                                                        7589D758 5 Bytes  JMP 02057520 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] ole32.dll!CoInitializeEx                                                                         756609AD 5 Bytes  JMP 0205D690 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Windows\System32\spoolsv.exe[1904] ole32.dll!DoDragDrop                                                                             7572A827 5 Bytes  JMP 0205B370 C:\Program Files\Oracle\Information Rights Management\Desktop\IRM32.dll (Oracle IRM Library/Oracle Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongA                                                  75798BA3 5 Bytes  JMP 5C1701A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!SetWindowLongW                                                  757A4449 5 Bytes  JMP 5C170135 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!GetWindowInfo                                                   757A4B5E 5 Bytes  JMP 5BF00924 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5920] USER32.dll!TrackPopupMenu                                                  757B2228 5 Bytes  JMP 5BF00ECF C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6788] ntdll.dll!LdrLoadDll                                                                771F223E 5 Bytes  JMP 5BD85B60 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[6788] USER32.dll!GetWindowInfo                                                            757A4B5E 5 Bytes  JMP 5BF0802D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000058                                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000085                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000087                                                                                                        bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume10                                                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0023125dfba3                                                            
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0023125dfba3 (not active ControlSet)                                        

---- Files - GMER 1.0.15 ----

File            C:\Users\Xxx\AppData\Local\temp\fla45F5.tmp                                                                                      7063172 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e                           0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll             1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229                           0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll             1170944 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe                   3957616 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe                   3902320 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys         177152 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys         178176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys         183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys         183808 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll   129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll   129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll        57856 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll   129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll   129536 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll        58880 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe  8192 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6                                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys                        2341376 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll                   1074176 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5                                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys                        2350592 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll                   1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll                   1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693                              0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll                   1077248 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe                   3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe                   3915632 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll         152064 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe                   3968368 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe                   3913584 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9                                0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe                   3971440 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe                   3916656 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211                                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys                        2343424 bytes executable
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a                                   0 bytes
File            C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys                        2351104 bytes executable

---- EOF - GMER 1.0.15 ----
         
Best regards, Klecks

Alt 14.03.2012, 07:52   #24
Klecks1988
 

Unfortunately, aswMBR keeps crashing.

Alt 14.03.2012, 15:18   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 14.03.2012, 18:09   #26
Klecks1988
 

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-14 17:51:03
-----------------------------
17:51:03.429    OS Version: Windows 6.1.7601 Service Pack 1
17:51:03.429    Number of processors: 2 586 0x1706
17:51:03.433    ComputerName: XXX-PC  UserName: 
17:51:06.462    Initialize success*
17:51:12.302    AVAST engine defs: 12031300
17:51:34.570    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:51:34.572    Disk 0 Vendor: Hitachi_HTS543225L9SA02 FBEAC50F Size: 238475MB BusType: 3
17:51:34.670    Disk 0 MBR read successfully
17:51:34.672    Disk 0 MBR scan
17:51:34.761    Disk 0 Windows 7 default MBR code
17:51:34.776    Disk 0 Partition 1 00     EE          GPT               200 MB offset 1
17:51:34.999    Disk 0 Partition 2 00     AF   HFS / HFS+            122880 MB offset 409640
17:51:35.073    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       115266 MB offset 252332032
17:51:35.114    Disk 0 scanning sectors +488396800
17:51:35.267    Disk 0 scanning C:\Windows\system32\drivers
17:52:16.872    Service scanning
17:53:22.141    Modules scanning
17:54:34.778    Disk 0 trace - called modules:
17:54:34.798    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
17:54:34.798    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865bc210]
17:54:34.798    3 CLASSPNP.SYS[8b47059e] -> nt!IofCallDriver -> [0x86144918]
17:54:34.798    5 ACPI.sys[8ac8f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86101030]
17:54:34.798    Scan finished successfully
17:57:00.609    Disk 0 MBR has been saved successfully to "C:\Users\Xxxxxx\Documents\MBR.dat"
17:57:00.615    The log file has been saved successfully to "C:\Users\Xxxxxx\Documents\aswMBR.txt"
         
Can you already say how likely it is that there is still malware on my computer?

Alt 14.03.2012, 18:31   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Alt 14.03.2012, 20:32   #28
Klecks1988
 

Hi Arne,

I'm running both programs right now. G Data just gave the following message.
"Die Datei wurde gelöscht.

Datei: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
Virus: Java:ClassLoader-U [Trj] (Engine B)"

Alt 14.03.2012, 21:44   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Datei: C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\26ef9f36-51f80928
One could well come up with the idea oneself of emptying the Java cache when seeing this folder

Empty this folder => C:\Users\Alexander\AppData\LocalLow\Sun\Java\Deployment\cache

Alt 14.03.2012, 22:54   #30
Klecks1988
 

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/14/2012 at 10:09 PM

Application Version : 5.0.1146

Core Rules Database Version : 8335
Trace Rules Database Version: 6147

Scan type       : Complete Scan
Total Scan Time : 03:29:56

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 1046
Memory threats detected   : 0
Registry items scanned    : 37805
Registry threats detected : 0
File items scanned        : 50398
File threats detected     : 203

Adware.Tracking Cookie
	.revsci.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.unister-adservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.clickfuse.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.digital.solution.weborama.fr [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.exoclick.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.sexad.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ads.trafficjunky.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	media.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	www.journalofaccountancy.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	server.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adform.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3JEWTK1I.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\XXX\APPDATA\ROAMING\MOZILLACONTROL\PROFILES\MOZILLACONTROL\E70WPKA8.SLT\COOKIES.TXT ]
         
