
All kinds of pests and how to fight them: JAVA/Dermit.EM, JAVA/Dldr.Lamar.FW, JAVA/Dldr.Themo.F.2, TR/Spy.ZBot.dynb and more


 
21.11.2012, 23:44   #1
shopgirl86
 



Hello,

at the beginning of the week I had TR/Spy.ZBot.dynb on my machine and removed it with Malwarebytes. After that the program found nothing more. Today I ran Avira over everything once more, and there were 27 infection reports and 22 warnings. Most of the infections, however, are in the spam filter (Spamihilator) or in the mail program's trash (unopened, no preview either!); I don't open those, so they don't concern me. TR/Spy.ZBot.dynb was found again, but in an _OTL\MovedFiles folder, so I suspect it is a leftover from an earlier infection that I got under control with help from here (thanks :-)). However, there are a few Java viruses that I can't interpret.

Here is the Avira scan from just now:
Code:

Avira Free Antivirus
Report file date: Mittwoch, 21. November 2012  18:01

Scanning for 4536279 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (plain)  [6.1.7600]
Boot mode       : Normally booted
Username        : HP Berlin
Computer name   : HPBERLIN-PC

Version information:
BUILD.DAT       : 12.0.0.1125          Bytes  02.05.2012 17:40:00
AVSCAN.EXE      : 12.3.0.15     466896 Bytes  01.05.2012 22:48:51
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  02.05.2012 13:31:39
LUKE.DLL        : 12.3.0.15      68304 Bytes  01.05.2012 23:31:47
AVSCPLR.DLL     : 12.3.0.14      97032 Bytes  01.05.2012 22:13:36
AVREG.DLL       : 12.3.0.17     232200 Bytes  20.06.2012 11:28:33
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 23:23:21
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 23:32:24
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 09:58:50
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 10:43:53
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 17:36:28
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 17:54:49
VBASE007.VDF    : 7.11.45.207  2363904 Bytes  11.10.2012 20:02:59
VBASE008.VDF    : 7.11.45.208     2048 Bytes  11.10.2012 20:02:59
VBASE009.VDF    : 7.11.45.209     2048 Bytes  11.10.2012 20:02:59
VBASE010.VDF    : 7.11.45.210     2048 Bytes  11.10.2012 20:02:59
VBASE011.VDF    : 7.11.45.211     2048 Bytes  11.10.2012 20:03:00
VBASE012.VDF    : 7.11.45.212     2048 Bytes  11.10.2012 20:03:00
VBASE013.VDF    : 7.11.45.213     2048 Bytes  11.10.2012 20:03:00
VBASE014.VDF    : 7.11.46.65    220160 Bytes  16.10.2012 20:02:55
VBASE015.VDF    : 7.11.46.153   173568 Bytes  18.10.2012 20:02:56
VBASE016.VDF    : 7.11.46.223   162304 Bytes  19.10.2012 20:02:57
VBASE017.VDF    : 7.11.47.35    126464 Bytes  22.10.2012 20:03:06
VBASE018.VDF    : 7.11.47.95    175616 Bytes  24.10.2012 20:03:05
VBASE019.VDF    : 7.11.47.177   164352 Bytes  26.10.2012 08:24:07
VBASE020.VDF    : 7.11.47.229   143360 Bytes  28.10.2012 09:24:14
VBASE021.VDF    : 7.11.48.47    138240 Bytes  30.10.2012 17:01:07
VBASE022.VDF    : 7.11.48.135   122880 Bytes  01.11.2012 17:21:31
VBASE023.VDF    : 7.11.48.209   142848 Bytes  05.11.2012 18:14:15
VBASE024.VDF    : 7.11.48.243   119296 Bytes  05.11.2012 18:14:10
VBASE025.VDF    : 7.11.49.47    136704 Bytes  07.11.2012 18:14:32
VBASE026.VDF    : 7.11.49.135   194560 Bytes  09.11.2012 13:11:09
VBASE027.VDF    : 7.11.49.209   188416 Bytes  12.11.2012 13:11:11
VBASE028.VDF    : 7.11.50.27    212992 Bytes  14.11.2012 16:38:23
VBASE029.VDF    : 7.11.50.105   200704 Bytes  18.11.2012 18:22:53
VBASE030.VDF    : 7.11.50.164   340992 Bytes  20.11.2012 18:22:52
VBASE031.VDF    : 7.11.50.174    43008 Bytes  20.11.2012 18:22:52
Engine version  : 8.2.10.202
AEVDF.DLL       : 8.1.2.10      102772 Bytes  11.07.2012 14:40:48
AESCRIPT.DLL    : 8.1.4.66      463227 Bytes  12.11.2012 13:11:45
AESCN.DLL       : 8.1.9.4       131445 Bytes  19.11.2012 18:22:55
AESBX.DLL       : 8.2.5.12      606578 Bytes  20.06.2012 11:28:32
AERDL.DLL       : 8.2.0.74      643445 Bytes  07.11.2012 18:14:36
AEPACK.DLL      : 8.3.0.40      815479 Bytes  12.11.2012 13:11:44
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 18:14:21
AEHEUR.DLL      : 8.1.4.138    5542265 Bytes  19.11.2012 18:22:55
AEHELP.DLL      : 8.1.25.2      258423 Bytes  14.10.2012 20:03:03
AEGEN.DLL       : 8.1.6.10      438646 Bytes  19.11.2012 18:22:53
AEEXP.DLL       : 8.2.0.10      119158 Bytes  05.11.2012 18:14:22
AEEMU.DLL       : 8.1.3.2       393587 Bytes  11.07.2012 14:40:41
AECORE.DLL      : 8.1.29.2      201079 Bytes  07.11.2012 18:14:33
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 18:14:17
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  01.05.2012 22:59:21
AVPREF.DLL      : 12.3.0.15      51920 Bytes  01.05.2012 22:44:31
AVREP.DLL       : 12.3.0.15     179208 Bytes  01.05.2012 22:13:35
AVARKT.DLL      : 12.3.0.15     211408 Bytes  01.05.2012 22:21:32
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  01.05.2012 22:28:49
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  16.04.2012 21:11:02
AVSMTP.DLL      : 12.3.0.15      63440 Bytes  01.05.2012 22:51:35
NETNT.DLL       : 12.3.0.15      17104 Bytes  01.05.2012 23:33:29
RCIMAGE.DLL     : 12.3.0.15    4450000 Bytes  02.05.2012 00:03:52
RCTEXT.DLL      : 12.3.0.15      96720 Bytes  02.05.2012 13:40:44

Configuration settings for the scan:
Jobname.............................: Manual Selection
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete
Deviating risk categories...........: +PCK,+PFS,+SPR,

Start of the scan: Mittwoch, 21. November 2012  18:01

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD1
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD2
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
Master boot sector HD3
    [INFO]      No virus was found!
Master boot sector HD4
    [INFO]      No virus was found!
Master boot sector HD5
    [INFO]      No virus was found!
Master boot sector HD6
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
    [INFO]      Please restart the search with Administrator rights
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SyncServer.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'ATH.exe' - '1' Module(s) have been scanned
Scan process 'APSDaemon.exe' - '1' Module(s) have been scanned
Scan process 'distnoted.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceHelper.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDAgent.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'tvtip.exe' - '1' Module(s) have been scanned
  Module is OK -> <C:\Programme\TV Movie ClickFinder\tvtip.exe>
  [WARNING]   The file could not be opened!
  [NOTE]      The file does not exist!
  [NOTE]      Process 'tvtip.exe' was terminated
Scan process 'PBN.exe' - '1' Module(s) have been scanned
Scan process 'WNA3100.exe' - '1' Module(s) have been scanned
Scan process 'MSOSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\' <HP>
C:\Program Files (x86)\Handbrake\uninst.exe
  [WARNING]   Invalid end of file
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIWNGUX7\tvbilder-009-20120716[1].cftv
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [0] Archive type: MIME
  --> DCIM.htm
      [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [0] Archive type: MIME
  --> Contract_Scan_DS8220.htm
      [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [0] Archive type: MIME
  --> Invoice_T756916.htm
      [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\125228EB-000006CE.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\16DB4C5D-0000070F.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Sent Items\79F22B86-0000070D.eml
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [0] Archive type: MIME
  --> Persönliches Profil - PayPal.htm
      [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [0] Archive type: ZIP
  --> trphpgdtafbtttmvy/mltdmagswwqvsafpq.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.FW Java virus
  --> trphpgdtafbtttmvy/qysfflnsla.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Themo.F.2 Java virus
  --> trphpgdtafbtttmvy/vnvvqw.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [0] Archive type: ZIP
  --> testesta.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EM Java virus
  --> testestb.class
      [DETECTION] Contains recognition pattern of the JAVA/Dermit.EN Java virus
  --> NewClass1.class
      [DETECTION] Contains recognition pattern of the JAVA/Pesur.AY Java virus
  --> testestd.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AO.3 Java virus
  --> testestc.class
      [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20110907-220740\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-171954\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-175130\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\7720b8c952392fc87ea77801483cf6b01eb02f98-20111113-181205\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\0a9ce9b42efcbc7aa54ffebe58bb82cd080a1696
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Apple Computer\MobileSync\Backup\dc11c0ccf27644db194fc798c077d27af5b38f49\85cc27fbce264aadfdab8fc9e618d3429ee24940
  [WARNING]   The file is password protected
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [0] Archive type: MIME
  --> Document_N47683.htm
      [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [0] Archive type: MIME
  --> HP-Document-26506.htm
      [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [0] Archive type: MIME
  --> HP-Scan-67990.htm
      [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [0] Archive type: MIME
  --> Invoices-02-2012.htm
      [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\avira_free_antivirus_en2012.exe
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Downloads\iPhone2,1_4.0_8A293_Restore.zip
  [WARNING]   Invalid compressed data
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\CubeMaze 1.0.ipa
  [WARNING]   The file is password protected
C:\Users\HP Berlin\Music\iTunes\iTunes Media\Mobile Applications\Graz Touch 1.0 1.ipa
  [WARNING]   Possible archive bomb: the maximum unpack size has been reached.
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan

Beginning disinfection:
C:\_OTL\MovedFiles\06142012_181231\C_Users\HP Berlin\AppData\Roaming\Biyva\myasi.exe
  [DETECTION] Is the TR/Spy.ZBot.dynb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5788faa5.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010731.msg
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '4eccd579.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010692.msg
  [DETECTION] Contains recognition pattern of the JS/Redir.BE.1 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '1c938f91.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010685.msg
  [DETECTION] Contains recognition pattern of the JS/Blacole.CV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '7aa4c053.qua'.
C:\Users\HP Berlin\AppData\Roaming\Spamihilator\messages\0000010676.msg
  [DETECTION] Contains recognition pattern of the HTML/Redir.K HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '3f20ed6d.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\6b5cda3f-36b61bfb
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '4004df5e.qua'.
C:\Users\HP Berlin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\5e06165d-3a143d3b
  [DETECTION] Contains recognition pattern of the JAVA/Dldr.Lamar.GA Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '0c83f309.qua'.
C:\Users\HP Berlin\AppData\Local\Temp\GLZHZD
  [DETECTION] Contains recognition pattern of the JAVA/Karamel.AP.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '7141b332.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\7498193E-00000280.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '5dfa9c67.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\3BE02A2C-0000027C.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '4486a7f3.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\tate\Deleted Items\1A1B17E6-00000279.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '28f68bc2.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\7F9776EE-000026FE.eml
  [DETECTION] Contains recognition pattern of the JS/Column.EB.3 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '5977b24a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\481A1C9C-000026EA.eml
  [DETECTION] Contains recognition pattern of the JS/Redirector.QW Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '5755829b.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\4359467D-000025D4.eml
  [DETECTION] Contains recognition pattern of the PHISH/PayPal.AX phishing file/email
  [NOTE]      The file was moved to the quarantine directory under the name '1240fbdc.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\Kobel (kons 51a\Deleted Items\40572C6E-000026B0.eml
  [DETECTION] Contains recognition pattern of the HTML/Redirect.FQ HTML script virus
  [NOTE]      The file was moved to the quarantine directory under the name '1b4bff4a.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\70F578F5-000004FC.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '431be623.qua'.
C:\Users\HP Berlin\AppData\Local\Microsoft\Windows Live Mail\helmut whatz-up\Deleted Items\69080407-000004FB.eml
  [DETECTION] Contains recognition pattern of the JS/iFrame.NV Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '6fc19fd4.qua'.


End of the scan: Mittwoch, 21. November 2012  23:30
Used time:  5:26:37 Hour(s)

The scan has been done completely.

  50331 Scanned directories
 2963804 Files were scanned
     27 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
     17 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 2963776 Files not concerned
 183475 Archives were scanned
     22 Warnings
     18 Notes
         
and the Malwarebytes log from this afternoon:

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
HP Berlin :: HPBERLIN-PC [Administrator]

21.11.2012 17:03:52
mbam-log-2012-11-21 (17-03-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250303
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And this is what OTL reported:

Code:
OTL logfile created on: 21.11.2012 17:10:26 - Run 5
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\HP Berlin\Desktop\AntiSpyware
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,15 Gb Available Physical Memory | 77,00% Memory free
11,90 Gb Paging File | 8,60 Gb Available in Paging File | 72,29% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 472,08 Gb Free Space | 69,00% Space Free | Partition Type: NTFS
Drive D: | 14,39 Gb Total Space | 2,53 Gb Free Space | 17,55% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 470,04 Gb Free Space | 67,28% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive O: | 1396,92 Gb Total Space | 833,84 Gb Free Space | 59,69% Space Free | Partition Type: FAT32
 
Computer Name: HPBERLIN-PC | User Name: HP Berlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.13 21:45:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\HP Berlin\Desktop\AntiSpyware\OTL.exe
PRC - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.01 23:31:38 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.02.26 23:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012.02.20 20:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 09:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010.07.29 19:02:53 | 000,651,264 | ---- | M] (E.W.E.-Software) -- C:\Programme\TV Movie\TV Movie ClickFinder\tvtip.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2009.11.25 17:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
PRC - [2009.08.05 12:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.07.23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 13:02:33 | 000,839,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\SwissAcademic.Citavi.IEPicker\3.1.0.0__f59eabe05cc67589\SwissAcademic.Citavi.IEPicker.dll
MOD - [2012.04.14 11:30:02 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
MOD - [2012.02.11 23:56:21 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.08.14 08:13:35 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\149c74602e3720d5e12fd34691793f45\CustomMarshalers.ni.dll
MOD - [2010.08.14 07:46:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010.08.14 07:46:50 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010.08.14 07:46:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b2e6d33df15f6ca262db09558982e0f2\Accessibility.ni.dll
MOD - [2010.08.14 07:46:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010.08.14 07:46:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010.08.14 07:46:30 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010.08.14 07:46:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010.01.20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009.11.25 17:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
MOD - [2009.09.15 18:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2009.08.28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009.08.05 12:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.06.10 22:41:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 22:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.05.02 00:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2010.04.16 08:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.12 10:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010.01.04 19:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.12.28 16:25:40 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.12.17 16:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) @C:\Program Files (x86)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.09.14 07:56:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005.09.30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.01.07 15:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.01.06 18:37:02 | 000,051,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.11 10:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 07:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 15:31:42 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009.07.23 19:45:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/09/24 16:32:44] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {D56565BD-FD80-481B-8232-1AAE0340DB2B}
IE:64bit: - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE:64bit: - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKLM\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKLM\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q
IE - HKCU\..\SearchScopes,DefaultScope = {C79569B9-0771-4C65-B14E-845F99A6BCD9}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{BD45CD95-A9C1-4209-B2ED-4B9B99703F40}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{C79569B9-0771-4C65-B14E-845F99A6BCD9}: "URL" = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D56565BD-FD80-481B-8232-1AAE0340DB2B}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcndtie7-de-at
IE - HKCU\..\SearchScopes\{E029F185-AB82-4242-A5F9-8108AE9A16B9}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/calendar/render?hl=de&tab=wc&gsessionid=ZkAmWI3R7rSgxWfTFbMw3Q|hxxp://www.babyzimmer.de/forumdisplay.php/4-Das-BZ-Forum|hxxp://www.facebook.com/|hxxp://dailydeal.de/gutscheine/berlin/?geo=on"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP Berlin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.05.19 21:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.23 11:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions
[2010.01.04 22:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.01 18:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP Berlin\AppData\Roaming\mozilla\Firefox\Profiles\13la5nka.default\extensions
[2012.09.23 11:52:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.06 02:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.16 10:44:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [TVTip] C:\Programme\TV Movie\TV Movie ClickFinder\tvstart.exe (E.W.E.-Software)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012.07.12 11:34:25 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\HP Berlin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\HP Berlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HP Berlin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4010814-8B20-43BB-A662-6A72EBA2F08C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.21 14:07:08 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{8EEC5C5C-0CEE-4EED-8F31-A4710E426A73}
[2012.11.20 18:46:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1EC5ED30-FDE7-4764-9BB4-CD93974CBF88}
[2012.11.19 21:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012.11.19 12:28:55 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0929D70E-88D2-4007-8E58-F048718ED315}
[2012.11.19 11:13:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.11.19 10:34:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{DCC784B6-79A5-4781-8178-B47432DE31E0}
[2012.11.18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AC1AED9A-E2B9-4466-9F05-8ABCE3EF831E}
[2012.11.18 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9784BF28-E68A-4859-8C53-419F4A757915}
[2012.11.17 22:33:53 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{45AD049F-F939-4FF3-A811-ADF9C1AA641C}
[2012.11.17 10:33:33 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{ED3FE1C2-99F9-42CA-BA7B-9C8FE5436AE9}
[2012.11.16 20:49:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5770DFB3-F22F-4351-A809-D82E49541AF8}
[2012.11.16 08:49:03 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9D2456A1-BE43-49CB-A60B-9BE57BA45706}
[2012.11.15 17:39:45 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{506EB94F-341B-4A95-8658-B285A5E4F246}
[2012.11.14 20:58:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA0EFF52-D535-4762-86C0-9EAC96195613}
[2012.11.14 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F525D118-91B5-40D6-890A-CB5F88CAEE5E}
[2012.11.13 09:38:18 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{B500A58B-4191-42DC-B40B-43068B3E5BC1}
[2012.11.12 22:13:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C48C946B-FA5B-4E08-BF8C-E79D22DADB95}
[2012.11.12 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F7FBDB8E-A5FF-43C6-84A9-E993E30B0459}
[2012.11.11 22:12:44 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6BDAD0C-3A9D-4BE8-AC6C-67A34E968BD5}
[2012.11.09 09:09:20 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C8EEAD40-2204-4E57-AB76-B574C6CFFCF0}
[2012.11.08 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{519CC909-217D-4629-925D-28BDAE42F89D}
[2012.11.07 10:22:21 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{742F2C70-138B-40E9-96CB-B9F99F5C94F0}
[2012.11.06 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{AF300890-1F02-4816-8326-B04AD23AF5A7}
[2012.11.05 21:19:51 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0343BF73-538B-4084-A9E8-5E49DFA03A24}
[2012.11.05 09:19:29 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{F6FFADC1-DB24-41BD-A24C-BFA06BD4F6C2}
[2012.11.04 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{CFB3CF4D-38EB-4AB4-AC72-8C4D9B1FF81B}
[2012.11.03 23:37:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EC9D1CFF-407F-4FFA-ACBE-0E8634590C58}
[2012.11.03 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9CF69E3E-F113-4407-B496-227F9645FD61}
[2012.11.02 13:21:47 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{103326DD-19C2-4FCE-B21D-CD0889AA76F4}
[2012.10.31 19:24:26 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{905AB02E-EECD-4696-BFD5-4314616E6B62}
[2012.10.31 07:24:05 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A68CB485-DA37-46BA-B0F6-9F821DCF3BCA}
[2012.10.30 18:11:11 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{EA491B2B-FBC0-4B4F-A5C4-13009FA0C30F}
[2012.10.29 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3CC5A4E5-C261-432E-B9F4-7D031947E234}
[2012.10.29 10:40:04 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{9ED5F4FC-DB7C-41F2-BB02-25B7BC8BEDA0}
[2012.10.28 22:39:41 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{6F078ECC-6355-4741-A8AD-0CA4D5B4CC48}
[2012.10.28 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{C724B98A-6D08-4996-9429-2B306B08F134}
[2012.10.27 21:23:32 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{69F66856-B145-4173-A636-8A15BC7052C6}
[2012.10.27 09:23:13 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A47A1C98-17C8-4D5E-A26D-B9502166F094}
[2012.10.26 21:22:48 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{3EA5563F-52B9-417D-87B3-6E9FA44E6F66}
[2012.10.26 11:58:52 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\Desktop\Xmas 2012
[2012.10.26 09:22:40 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{1C45F286-CAE4-46F6-842C-4699518246EE}
[2012.10.25 15:06:17 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{A8D11CC9-8FF8-4AF9-A0E0-B32DBEB93704}
[2012.10.24 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{5F3170CF-E661-40AD-B654-7E95D5D2B2B3}
[2012.10.24 09:39:15 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{D6750719-E796-40F0-B3A2-A0D0D5F96522}
[2012.10.23 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{E155E258-CC90-4A70-B57C-4DB83E3E8A24}
[2012.10.23 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\HP Berlin\AppData\Local\{0AC5E2E9-007D-468D-9B39-13A5807BFC19}
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.21 17:17:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:39:17 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.21 13:36:53 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.21 13:36:53 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.21 13:36:53 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.21 13:36:53 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.21 13:36:53 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.21 13:31:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.21 13:31:29 | 2140,467,199 | -HS- | M] () -- C:\hiberfil.sys
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 21:31:01 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.16 10:30:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.16 10:30:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.16 10:30:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.16 10:30:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.16 10:30:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.23 20:25:53 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2011.06.08 15:51:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.06.08 15:51:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.06.08 15:51:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.06.08 15:51:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.06.08 15:51:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.06.08 15:51:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.06.08 15:51:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.06.08 15:51:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.06.08 15:51:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.06.08 15:51:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.06.08 15:51:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.06.08 15:51:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.06.08 15:51:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.06.08 15:51:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.06.08 15:51:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.06.08 15:51:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.06.08 15:51:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
 
========== LOP Check ==========
 
[2010.08.31 09:00:39 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2012.08.21 13:30:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
I can also offer HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:00, on 04.01.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Spamihilator\spamihilator.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.babyzimmer.de/forum/script/forum1.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Spamihilator.lnk = C:\Program Files (x86)\Spamihilator\spamihilator.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-AT\local\search.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix: 
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9386 bytes
         
Did I forget anything?

Are these beasts active, and how do I get rid of them again?

Thanks!
shopgirl

 
