tr/sirefef.bv.2 Befall

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.3.1
Run by Daniel at 0:03:14 on 2012-03-19
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1326 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
G:\Avira\AntiVir Desktop\avguard.exe
G:\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
G:\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\avmwlanstick\WlanNetService.exe
G:\Itunes\iTunesHelper.exe
C:\Programme\Bonjour\mDNSResponder.exe
G:\PDF24\pdf24.exe
G:\HTC Sync 3.0\htcUPCTLoader.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programme\GamersFirst\LIVE!\Live.exe
C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
G:\Open Office\program\soffice.exe
G:\Open Office\program\soffice.bin
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Programme\Pando Networks\Media Booster\PMB.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
G:\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\TEMP\bgkmkx\setup.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/home.php?
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [RGSC] f:\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
uRun: [{017229C4-5992-2F4F-AE39-D7C7AE5C2280}] "c:\dokumente und einstellungen\daniel\anwendungsdaten\kya\esvylem.exe"
mRun: [avgnt] "g:\avira\antivir desktop\avgnt.exe" /min
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVMWlanClient] c:\programme\avmwlanstick\wlangui.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "g:\itunes\iTunesHelper.exe"
mRun: [PDFPrint] g:\pdf24\pdf24.exe
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\programme\gemeinsame dateien\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HTC Sync Loader] "g:\htc sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\daniel\startm~1\progra~1\autost~1\openof~1.lnk - g:\open office\program\quickstart.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\gamers~1.lnk - c:\programme\gamersfirst\live!\Live.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\mcafee~1.lnk - c:\programme\mcafee security scan\2.0.181\SSScheduler.exe
IE: Free YouTube Download - c:\dokumente und einstellungen\daniel\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\daniel\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - g:\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\micros~1\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{BDEE96B7-E5D2-4E98-8A37-DF050D93FB16} : DhcpNameServer = 192.168.178.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\daniel\anwendungsdaten\mozilla\firefox\profiles\tn1nuagx.default\
FF - component: c:\dokumente und einstellungen\daniel\anwendungsdaten\mozilla\firefox\profiles\tn1nuagx.default\extensions\fb_add_on@avm.de\platform\winnt_x86-msvc\components\FB_AddOn.dll
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programme\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: g:\itunes\mozilla plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-5-25 137728]
R1 avgio;avgio;g:\avira\antivir desktop\avgio.sys [2010-12-13 11608]
R2 AntiVirSchedulerService;Avira AntiVir Planer;g:\avira\antivir desktop\sched.exe [2010-12-13 136360]
R2 AntiVirService;Avira AntiVir Guard;g:\avira\antivir desktop\avguard.exe [2010-12-13 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-13 66616]
R2 PassThru Service;Internet Pass-Through Service;c:\programme\htc\internet pass-through\PassThruSvr.exe [2010-9-7 79872]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2010-12-13 38656]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2009-5-7 265088]
S2 AMService;AMService;c:\windows\temp\bgkmkx\setup.exe run --> c:\windows\temp\bgkmkx\setup.exe run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-5-7 4352]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-12-18 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
.
=============== Created Last 30 ================
.
2012-03-16 21:33:18	0	--sha-w-	c:\windows\system32\dds_trash_log.cmd
2012-03-13 20:44:03	--------	d-----w-	c:\dokumente und einstellungen\daniel\lokale einstellungen\anwendungsdaten\Sun
2012-03-12 02:02:32	--------	d-----w-	c:\dokumente und einstellungen\daniel\.android
2012-03-12 01:55:46	--------	d-----w-	c:\programme\Oracle
2012-03-12 01:53:52	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-03-12 01:51:01	--------	d-----w-	c:\dokumente und einstellungen\daniel\jdk1.7.0_03_combo
2012-03-05 18:27:33	--------	d-----w-	c:\dokumente und einstellungen\daniel\anwendungsdaten\Rii
2012-03-05 18:27:33	--------	d-----w-	c:\dokumente und einstellungen\daniel\anwendungsdaten\Kya
2012-03-04 21:48:54	--------	d-----w-	c:\dokumente und einstellungen\daniel\anwendungsdaten\Dev-Cpp
2012-03-04 15:36:40	--------	d-----w-	c:\dokumente und einstellungen\daniel\anwendungsdaten\OpenOffice.org
.
==================== Find3M  ====================
.
2012-02-05 15:17:22	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2012-02-03 09:57:08	1860224	----a-w-	c:\windows\system32\win32k.sys
2012-01-11 19:06:33	3072	------w-	c:\windows\system32\iacenc.dll
2012-01-10 12:57:46	141312	----a-w-	c:\windows\system32\javacpl.cpl
2012-01-10 12:57:10	567696	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-09 16:20:20	139784	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2006-05-03 09:06:54	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 10:47:16	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 12:30:52	216064	--sha-r-	c:\windows\system32\nbDX.dll
.
============= FINISH:  0:04:18,78 ===============