Log Analysis and Evaluation: TR.Dropper.gen in C:\Users\Christina\AppData\Local\Temp, Trojan/Zaccess, Trojan.Agent, ... (Windows 7)

If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
TR.Dropper.gen in C:\Users\Christina\AppData\Local\Temp, Trojan/Zaccess, Trojan.Agent, ...

Hello everyone!

First, let me introduce myself: my name is Christina, I'm from the Ruhr area and, honestly, I'm not particularly PC-savvy, but I am interested. So please have some patience with me... I will do my best.

PC: Windows Vista, Dell Inspiron laptop, Avira AntiVir

Now to my problem: for three days I have been receiving, at ever shorter intervals, a virus warning from Avira AntiVir: TR/Dropper.gen (C:\Users\Christina\AppData\Local\Temp\5640.tmp). So I looked on Google and found that this virus is apparently not very harmful, but I still want to get rid of it. On top of that, apparently in parallel with the first virus warning appearing, I get a "User Account Control" prompt from Flash Player: "Your consent is required to continue the program" ("Zur Fortsetzung des Programms ist Ihre Zustimmung erforderlich"). But when I click Cancel, the prompt comes back within seconds. I don't want to consent; my female intuition tells me "don't!" Then I came across the Trojaner-Board. A member apparently had the same problem a few years ago, also in connection with Flash and Facebook. I looked at the advice, but my understanding didn't reach any further than "scan with Malwarebytes".
I scanned with Malwarebytes and, to my horror, got the following log file:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Christina :: LAPPY [Administrator]

Schutz: Aktiviert

12.06.2012 11:54:25
mbam-log-2012-06-12 (12-20-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202132
Laufzeit: 9 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xool6ic3qd (Trojan.Agent) -> Daten: C:\Users\Christina\xool6ic3qd.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Bösartig: (C:\Users\Christina\AppData\Local\{4c1a69f0-f01e-91e9-437f-87866c4f046f}\n.) Gut: (%SystemRoot%\system32\shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Christina\AppData\Local\Temp\5640.tmp (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Christina\AppData\Local\Temp\1869962394.exe (Rootkit.0Access) -> Keine Aktion durchgeführt.
C:\Users\Christina\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Keine Aktion durchgeführt.
(Ende)

Now I fear the horse has long since bolted. Still, I hope I can save my beloved Lappy after all. So, before registering here on the board I read the three steps to a successful posting and carried them out as far as possible.

1. Defogger ... is now running in the background; I did not click Re-enable
2. OTL by OldTimer: OTL.txt here in the post; Extras.txt as a .zip

OTL logfile created on: 12.06.2012 12:21:40 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Christina\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,87% Memory free
6,19 Gb Paging File | 4,12 Gb Available in Paging File | 66,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 207,38 Gb Free Space | 72,64% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,61 Gb Free Space | 56,07% Space Free | Partition Type: NTFS

Computer Name: LAPPY | User Name: Christina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.12 12:19:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Christina\Downloads\OTL.exe
PRC - [2012.06.12 12:18:03 | 000,050,477 | ---- | M] () -- C:\Users\Christina\Downloads\Defogger.exe
PRC - [2012.06.06 13:54:44 | 000,187,904 | ---- | M] () -- C:\Users\CHRIST~1\AppData\Local\Temp\1869962394.exe
PRC - [2012.06.06 13:54:26 | 000,019,896 | ---- | M] () -- C:\Users\CHRIST~1\AppData\Local\Temp\5640.tmp
PRC - [2012.05.16 12:19:35 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.02.23 17:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.18 16:01:05 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.01.16 19:02:38 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\mcuicnt.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.02.26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.23 22:03:59 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008.10.23 22:03:57 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008.06.12 14:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008.05.13 17:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe
PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.02.22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.03 07:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007.09.24 11:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2007.09.24 11:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2007.09.24 11:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2007.09.24 11:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.12 12:18:03 | 000,050,477 | ---- | M] () -- C:\Users\Christina\Downloads\Defogger.exe
MOD - [2012.06.06 13:54:44 | 000,187,904 | ---- | M] () -- C:\Users\CHRIST~1\AppData\Local\Temp\1869962394.exe
MOD - [2012.06.06 13:54:26 | 000,019,896 | ---- | M] () -- C:\Users\CHRIST~1\AppData\Local\Temp\5640.tmp
MOD - [2012.05.27 23:25:42 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.16 12:19:34 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.04.17 16:16:41 | 002,236,416 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2012.04.17 16:16:41 | 001,396,736 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2012.04.17 16:16:41 | 000,868,352 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2012.04.17 16:16:41 | 000,847,872 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2012.04.17 16:16:41 | 000,782,336 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2012.04.17 16:16:41 | 000,688,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012.04.17 16:16:41 | 000,528,384 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2012.04.17 16:16:41 | 000,462,848 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2012.04.17 16:16:41 | 000,237,568 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012.04.17 16:16:41 | 000,155,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2012.04.17 16:16:41 | 000,143,360 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012.04.17 16:16:40 | 000,688,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2012.04.17 16:16:40 | 000,406,016 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012.04.17 16:16:40 | 000,217,088 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2012.04.17 16:16:40 | 000,167,936 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2012.04.17 16:16:40 | 000,155,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2012.04.17 16:16:40 | 000,129,536 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012.04.17 16:16:40 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2012.04.17 16:16:40 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012.04.17 16:16:40 | 000,084,480 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012.04.17 16:16:40 | 000,052,224 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012.04.17 16:16:40 | 000,044,544 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012.04.17 16:16:40 | 000,010,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2012.04.17 16:16:40 | 000,009,728 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012.04.17 16:16:40 | 000,009,728 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2012.04.17 16:16:39 | 000,471,040 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012.04.17 16:16:39 | 000,356,352 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012.04.17 16:16:39 | 000,062,464 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012.04.17 16:16:38 | 001,564,672 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012.04.17 16:16:38 | 000,339,968 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012.04.17 16:16:38 | 000,315,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012.04.17 16:16:38 | 000,264,192 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012.04.17 16:16:38 | 000,234,496 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012.04.17 16:16:38 | 000,171,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012.04.17 16:16:38 | 000,098,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012.04.17 16:16:38 | 000,084,480 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012.04.17 16:16:35 | 000,152,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012.04.17 16:16:34 | 011,503,616 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012.04.17 16:16:33 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012.04.17 16:16:32 | 000,761,856 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2012.04.17 16:16:32 | 000,078,848 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011.06.30 03:34:10 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\1e8e5a08888c9390cb41e1780eaba8ae\VistaBridgeLibrary.ni.dll
MOD - [2011.06.30 03:34:09 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\d0d850edeeddf63d6269b64bf2724c22\DellDock.ni.exe
MOD - [2011.06.30 03:34:07 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\dfd459c0f1708eb4cc90d0baf44cb1ca\MyDock.Util.ni.dll
MOD - [2011.06.30 03:34:03 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
MOD - [2011.06.30 03:33:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011.06.30 03:32:15 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011.06.30 03:31:57 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011.06.30 03:31:47 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011.06.30 03:30:37 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011.06.30 03:28:59 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2010.12.22 21:37:42 | 005,971,408 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010.07.23 12:45:09 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2009.12.22 00:57:32 | 007,573,504 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2009.10.03 02:48:16 | 000,106,496 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Escript.deu
MOD - [2009.10.03 02:45:02 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\updater.DEU
MOD - [2009.02.27 17:40:12 | 001,712,128 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2008.10.07 14:20:00 | 000,102,400 | ---- | M] () -- C:\Programme\IDM Computer Solutions\UltraEdit\ue32ctmn.dll
MOD - [2008.07.27 19:58:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.27 23:58:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.16 12:19:34 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.10.23 22:03:59 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008.10.23 22:03:57 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008.08.31 18:08:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.02 06:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008.01.02 06:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.05.29 23:52:13 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.05.29 23:51:16 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009.05.29 23:51:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.02 06:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.12.03 07:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007.12.03 07:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.11.08 19:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.09.24 11:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.08.13 11:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.25 11:13:14 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.27 09:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.27 09:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.27 09:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.21 14:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2080901
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=TwrnS-dG2ZpjdIA_hvkQfaKx1LU?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.23.0.5
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.16 12:19:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.16 12:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{d591241b-9967-418c-9b7d-ee128131d60d}: C:\Program Files\GMX\GMX MultiMessenger\ThunderbirdSyncProxy [2008.09.27 18:13:28 | 000,000,000 | ---D | M]

[2010.12.22 10:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Extensions
[2012.06.11 22:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christina\AppData\Roaming\mozilla\Firefox\Profiles\it26w7cr.default\extensions
[2011.08.13 16:12:04 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Christina\AppData\Roaming\mozilla\Firefox\Profiles\it26w7cr.default\extensions\DeviceDetection@logitech.com
[2010.12.22 10:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.16 12:19:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.16 12:19:30 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.16 12:19:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.16 12:19:30 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.16 12:19:30 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.16 12:19:30 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.16 12:19:30 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [GMX_GMX MultiMessenger] C:\Program Files\GMX\GMX MultiMessenger\MESSENGR.EXE (GMX GmbH)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [xool6ic3qd] C:\Users\Christina\xool6ic3qd.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSpot Manager.lnk = C:\Programme\HotSpot Manager\HotSpotMgr.exe (T-Systems Enterprise Services GmbH)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D29EB2E-3940-421A-B7EC-058C5048ED15}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EFDA652-D40E-4E02-854D-CD31FA71EA55}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Users\Christina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.12 11:52:54 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\Malwarebytes [2012.06.12 11:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.12 11:52:43 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Malwarebytes [2012.06.12 11:52:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.12 11:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.11 22:35:10 | 000,000,000 | ---D | C] -- C:\Users\Christina\Desktop\Sortiment-Bluetenpracht--Schatten--1217d1a123517-Dateien [2012.05.16 12:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.16 12:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.16 12:17:54 | 000,000,000 | ---D | C] -- C:\Users\Christina\AppData\Roaming\KodakCredentialStore [2012.05.15 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Christina\Desktop\scene-analysis-1-Dateien [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.12 12:18:53 | 000,000,000 | ---- | M] () -- C:\Users\Christina\defogger_reenable [2012.06.12 12:05:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.12 11:58:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.12 11:52:44 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.12 11:08:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.11 22:35:13 | 000,048,495 | ---- | M] () -- C:\Users\Christina\Desktop\Sortiment-Bluetenpracht--Schatten--1217d1a123517.html [2012.06.11 22:32:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.11 22:32:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.09 18:41:01 | 000,000,680 | ---- | M] () -- C:\Users\Christina\AppData\Local\d3d9caps.dat [2012.06.07 13:05:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.16 12:19:54 | 
000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.16 12:19:54 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.16 12:19:54 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.16 12:19:54 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.16 12:18:31 | 000,000,853 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSpot Manager.lnk [2012.05.15 22:34:42 | 000,072,704 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb [2012.05.15 22:33:14 | 000,027,715 | ---- | M] () -- C:\Users\Christina\AppData\Roaming\nvModes.001 [2012.05.15 22:30:00 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job [2012.05.15 22:29:14 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys [2012.05.15 22:29:10 | 290,413,599 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.15 22:04:46 | 000,109,980 | ---- | M] () -- C:\Users\Christina\Desktop\Filmanalyse.pdf [2012.05.15 21:59:59 | 000,014,761 | ---- | M] () -- C:\Users\Christina\Desktop\scene-analysis-1.html [2012.05.15 14:58:13 | 000,065,541 | ---- | M] () -- C:\Users\Christina\Desktop\SOPHIE.jpg [2012.05.15 14:06:19 | 000,171,686 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Außen 2.jpg [2012.05.15 14:05:59 | 000,182,575 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Außen.jpg [2012.05.15 14:05:24 | 000,082,091 | ---- | M] () -- C:\Users\Christina\Desktop\Familienfoto.jpg [2012.05.15 14:05:09 | 000,048,701 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Innen 4.jpg [2012.05.15 14:04:53 | 000,032,271 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Innen 3.jpg [2012.05.15 14:04:38 | 000,044,178 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Innen 2.jpg [2012.05.15 14:04:22 | 000,061,762 | ---- | M] () -- C:\Users\Christina\Desktop\Haus Innen.jpg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.12 12:18:53 
| 000,000,000 | ---- | C] () -- C:\Users\Christina\defogger_reenable [2012.06.12 11:52:44 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.11 22:35:09 | 000,048,495 | ---- | C] () -- C:\Users\Christina\Desktop\Sortiment-Bluetenpracht--Schatten--1217d1a123517.html [2012.05.27 23:25:43 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.16 12:19:38 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.05.15 22:04:46 | 000,109,980 | ---- | C] () -- C:\Users\Christina\Desktop\Filmanalyse.pdf [2012.05.15 21:59:58 | 000,014,761 | ---- | C] () -- C:\Users\Christina\Desktop\scene-analysis-1.html [2012.05.15 14:58:13 | 000,065,541 | ---- | C] () -- C:\Users\Christina\Desktop\SOPHIE.jpg [2012.05.15 14:06:19 | 000,171,686 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Außen 2.jpg [2012.05.15 14:05:58 | 000,182,575 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Außen.jpg [2012.05.15 14:05:23 | 000,082,091 | ---- | C] () -- C:\Users\Christina\Desktop\Familienfoto.jpg [2012.05.15 14:05:09 | 000,048,701 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Innen 4.jpg [2012.05.15 14:04:52 | 000,032,271 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Innen 3.jpg [2012.05.15 14:04:38 | 000,044,178 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Innen 2.jpg [2012.05.15 14:04:22 | 000,061,762 | ---- | C] () -- C:\Users\Christina\Desktop\Haus Innen.jpg [2011.09.28 17:08:36 | 000,178,661 | ---- | C] () -- C:\Windows\hpoins27.dat.temp [2011.09.28 17:08:36 | 000,000,888 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp [2011.09.28 16:53:42 | 000,178,587 | ---- | C] () -- C:\Windows\hpoins27.dat [2011.08.24 09:22:12 | 000,000,680 | ---- | C] () -- C:\Users\Christina\AppData\Local\d3d9caps.dat [2011.02.10 13:47:28 | 000,002,048 | -HS- | C] () -- C:\Users\Christina\AppData\Local\{4c1a69f0-f01e-91e9-437f-87866c4f046f}\@ ========== LOP Check 
========== [2010.08.02 12:24:38 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2009.03.12 00:20:37 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1 [2008.09.27 18:14:07 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\GMX [2009.08.02 18:03:37 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\ICQ [2008.12.15 22:58:23 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Morpheus Software [2008.11.30 03:21:07 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\SecondLife [2012.04.17 18:09:29 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Skinux [2008.09.04 17:31:21 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\Template [2008.09.15 18:19:53 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\tmp [2009.03.12 00:09:34 | 000,000,000 | ---D | M] -- C:\Users\Christina\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1 [2012.05.15 22:30:00 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job [2012.03.02 04:48:25 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ___________________________________________________________ 3. 32-bit System, also GMER scannen lassen - Ergebnis auch als .zip So, ich hoffe ich konnte damit schon einige Infos bereitstellen. Über jegliche Art von Rückmeldung würde ich mich sehr freuen - und ich versuche auch möglichst rasch zu antworten. Zu meiner Verteidigung muss ich aber sagen, dass ich Vollzeitmami bin, also kann es sein, dass ich erst am Abend antworte - ich tue mein Bestes. Ich bedanke mich schon einmal im voraus und wünsch viele Grüße aus dem Ruhrgebiet! 
Eure, Christina NACHTRAG: Noch während ich diese Nachricht nochmal durchgelesen habe, kam eine weitere Meldung von Avira: "In der Datei 'C:\Users\Christina\AppData\Local\Temp\1869962394.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.P.465' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern" Überhaupt verweigere ich den Zugriff oder klicke auf Quarantäne - die Meldungen kommen aber immer wieder. Ich werde wahnsinnig! Ich habe aber jetzt mal die 'Logs' von Avira durchgeschaut und kann jetzt sagen, wann genau die Meldung das erste Mal aufkam. So steht es da, gemeldet am 06.06.2012, 13:54h: "'C:\Users\Christina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCQMU3Q4\7[1].exe' wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern" Vielleicht hilft das... |