
Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C


08.11.2010, 15:14   #1
Piet27
 
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C



Hello Trojaner Board community,

as described in the subject above, I found the following virus detections with Avira today. I hope you can help me. The Avira log report follows further below.




Avira AntiVir Personal
Report file created: Monday, 8 November 2010 11:32

Searching for 3022070 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normal boot
User name : SYSTEM
Computer name : PERPETUUM_MOBIL

Versionsinformationen:
BUILD.DAT : 10.0.0.592 31823 Bytes 09.08.2010 10:49:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 02.08.2010 15:09:33
AVSCAN.DLL : 10.0.3.0 56168 Bytes 02.08.2010 15:09:45
LUKE.DLL : 10.0.2.3 104296 Bytes 02.08.2010 15:09:38
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 11:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:01:46
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 19:01:46
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 23:37:48
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 20:32:07
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 00:35:08
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 16:01:14
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 14:23:47
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.2010 18:49:35
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.2010 09:26:15
VBASE009.VDF : 7.10.13.80 2265600 Bytes 02.11.2010 09:26:39
VBASE010.VDF : 7.10.13.81 2048 Bytes 02.11.2010 09:26:39
VBASE011.VDF : 7.10.13.82 2048 Bytes 02.11.2010 09:26:40
VBASE012.VDF : 7.10.13.83 2048 Bytes 02.11.2010 09:26:40
VBASE013.VDF : 7.10.13.116 147968 Bytes 04.11.2010 09:26:42
VBASE014.VDF : 7.10.13.147 146944 Bytes 07.11.2010 10:31:51
VBASE015.VDF : 7.10.13.148 2048 Bytes 07.11.2010 10:31:51
VBASE016.VDF : 7.10.13.149 2048 Bytes 07.11.2010 10:31:51
VBASE017.VDF : 7.10.13.150 2048 Bytes 07.11.2010 10:31:51
VBASE018.VDF : 7.10.13.151 2048 Bytes 07.11.2010 10:31:51
VBASE019.VDF : 7.10.13.152 2048 Bytes 07.11.2010 10:31:51
VBASE020.VDF : 7.10.13.153 2048 Bytes 07.11.2010 10:31:52
VBASE021.VDF : 7.10.13.154 2048 Bytes 07.11.2010 10:31:52
VBASE022.VDF : 7.10.13.155 2048 Bytes 07.11.2010 10:31:52
VBASE023.VDF : 7.10.13.156 2048 Bytes 07.11.2010 10:31:52
VBASE024.VDF : 7.10.13.157 2048 Bytes 07.11.2010 10:31:52
VBASE025.VDF : 7.10.13.158 2048 Bytes 07.11.2010 10:31:52
VBASE026.VDF : 7.10.13.159 2048 Bytes 07.11.2010 10:31:52
VBASE027.VDF : 7.10.13.160 2048 Bytes 07.11.2010 10:31:52
VBASE028.VDF : 7.10.13.161 2048 Bytes 07.11.2010 10:31:53
VBASE029.VDF : 7.10.13.162 2048 Bytes 07.11.2010 10:31:53
VBASE030.VDF : 7.10.13.163 2048 Bytes 07.11.2010 10:31:53
VBASE031.VDF : 7.10.13.164 2048 Bytes 07.11.2010 10:31:53
Engine version : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 11:28:48
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 05.11.2010 09:27:19
AESCN.DLL : 8.1.6.1 127347 Bytes 13.05.2010 11:16:07
AESBX.DLL : 8.1.3.1 254324 Bytes 24.04.2010 17:15:16
AERDL.DLL : 8.1.9.2 635252 Bytes 05.11.2010 09:27:15
AEPACK.DLL : 8.2.3.11 471416 Bytes 05.11.2010 09:27:11
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 21.07.2010 18:42:40
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 05.11.2010 09:27:08
AEHELP.DLL : 8.1.14.0 246134 Bytes 05.11.2010 09:26:54
AEGEN.DLL : 8.1.3.24 401781 Bytes 05.11.2010 09:26:52
AEEMU.DLL : 8.1.2.0 393588 Bytes 24.04.2010 17:15:08
AECORE.DLL : 8.1.17.0 196982 Bytes 05.11.2010 09:26:50
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 17:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 02.08.2010 15:09:33
AVPREF.DLL : 10.0.0.0 44904 Bytes 02.08.2010 15:09:33
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 14:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 02.08.2010 15:09:33
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 02.08.2010 15:09:33
AVARKT.DLL : 10.0.0.14 227176 Bytes 02.08.2010 15:09:31
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 02.08.2010 15:09:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 14:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 02.08.2010 15:09:33
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 14:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 13:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 02.08.2010 15:09:45

Configuration for the current scan:
Job name..............................: Full system scan
Configuration file....................: C:\program files\avira\antivir desktop\sysscan.avp
Logging...............................: low
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:, D:,
Scan active programs..................: on
Running programs extended.............: on
Scan registry.........................: on
Search for rootkits...................: on
Integrity check of system files.......: off
File scan mode........................: All files
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: medium

Start of the scan: Monday, 8 November 2010 11:32

Starting the scan for hidden objects.
HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information\datasecu
[NOTE] The registry entry is not visible.
HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information\rkeysecu
[NOTE] The registry entry is not visible.

Starting the scan of running processes:
Scanning process 'hphc_service.exe' - '29' module(s) scanned
Scanning process 'svchost.exe' - '30' module(s) scanned
Scanning process 'vssvc.exe' - '49' module(s) scanned
Scanning process 'avscan.exe' - '81' module(s) scanned
Scanning process 'avscan.exe' - '29' module(s) scanned
Scanning process 'avcenter.exe' - '68' module(s) scanned
Scanning process 'SynTPHelper.exe' - '14' module(s) scanned
Scanning process 'Com4QLBEx.exe' - '18' module(s) scanned
Scanning process 'hpqToaster.exe' - '33' module(s) scanned
Scanning process 'svchost.exe' - '21' module(s) scanned
Scanning process 'WiFiMsg.EXE' - '38' module(s) scanned
Scanning process 'iPodService.exe' - '30' module(s) scanned
Scanning process 'wmiprvse.exe' - '34' module(s) scanned
Scanning process 'wmpnetwk.exe' - '64' module(s) scanned
Scanning process 'hpqwmiex.exe' - '34' module(s) scanned
Scanning process 'BtStackServer.exe' - '70' module(s) scanned
Scanning process 'ehmsas.exe' - '26' module(s) scanned
Scanning process 'soffice.bin' - '87' module(s) scanned
Scanning process 'soffice.exe' - '17' module(s) scanned
Scanning process 'SSScheduler.exe' - '24' module(s) scanned
Scanning process 'BTTray.exe' - '63' module(s) scanned
Scanning process 'NPSAgent.exe' - '37' module(s) scanned
Scanning process 'wmpnscfg.exe' - '32' module(s) scanned
Scanning process 'ISUSPM.exe' - '27' module(s) scanned
Scanning process 'ehtray.exe' - '30' module(s) scanned
Scanning process 'sidebar.exe' - '85' module(s) scanned
Scanning process 'iTunesHelper.exe' - '76' module(s) scanned
Scanning process 'jusched.exe' - '22' module(s) scanned
Scanning process 'realsched.exe' - '33' module(s) scanned
Scanning process 'sttray.exe' - '48' module(s) scanned
Scanning process 'DpAgent.exe' - '40' module(s) scanned
Scanning process 'avgnt.exe' - '56' module(s) scanned
Scanning process 'HPWAMain.exe' - '35' module(s) scanned
Scanning process 'hpwuSchd2.exe' - '21' module(s) scanned
Scanning process 'HPKBDAPP.exe' - '37' module(s) scanned
Scanning process 'QLBCTRL.exe' - '45' module(s) scanned
Scanning process 'MSASCui.exe' - '40' module(s) scanned
Scanning process 'SearchIndexer.exe' - '59' module(s) scanned
Scanning process 'svchost.exe' - '7' module(s) scanned
Scanning process 'svchost.exe' - '44' module(s) scanned
Scanning process 'RichVideo.exe' - '22' module(s) scanned
Scanning process 'BLService.exe' - '37' module(s) scanned
Scanning process 'QPSched.exe' - '41' module(s) scanned
Scanning process 'QPCapSvc.exe' - '78' module(s) scanned
Scanning process 'svchost.exe' - '42' module(s) scanned
Scanning process 'PnkBstrA.exe' - '27' module(s) scanned
Scanning process 'avshadow.exe' - '33' module(s) scanned
Scanning process 'IAANTMon.exe' - '36' module(s) scanned
Scanning process 'FsUsbExService.Exe' - '23' module(s) scanned
Scanning process 'svchost.exe' - '30' module(s) scanned
Scanning process 'QPService.exe' - '62' module(s) scanned
Scanning process 'mDNSResponder.exe' - '33' module(s) scanned
Scanning process 'ApplicationUpdater.exe' - '23' module(s) scanned
Scanning process 'AppleMobileDeviceService.exe' - '31' module(s) scanned
Scanning process 'avguard.exe' - '67' module(s) scanned
Scanning process 'aestsrv.exe' - '5' module(s) scanned
Scanning process 'IAAnotif.exe' - '40' module(s) scanned
Scanning process 'SynTPEnh.exe' - '36' module(s) scanned
Scanning process 'taskeng.exe' - '82' module(s) scanned
Scanning process 'taskeng.exe' - '49' module(s) scanned
Scanning process 'Explorer.EXE' - '144' module(s) scanned
Scanning process 'Dwm.exe' - '35' module(s) scanned
Scanning process 'svchost.exe' - '61' module(s) scanned
Scanning process 'sched.exe' - '56' module(s) scanned
Scanning process 'nvvsvc.exe' - '41' module(s) scanned
Scanning process 'DpHostW.exe' - '64' module(s) scanned
Scanning process 'spoolsv.exe' - '88' module(s) scanned
Scanning process 'svchost.exe' - '93' module(s) scanned
Scanning process 'vfsFPService.exe' - '36' module(s) scanned
Scanning process 'winlogon.exe' - '30' module(s) scanned
Scanning process 'Hpservice.exe' - '38' module(s) scanned
Scanning process 'svchost.exe' - '88' module(s) scanned
Scanning process 'SLsvc.exe' - '23' module(s) scanned
Scanning process 'svchost.exe' - '37' module(s) scanned
Scanning process 'STacSV.exe' - '43' module(s) scanned
Scanning process 'svchost.exe' - '152' module(s) scanned
Scanning process 'svchost.exe' - '115' module(s) scanned
Scanning process 'svchost.exe' - '64' module(s) scanned
Scanning process 'svchost.exe' - '54' module(s) scanned
Scanning process 'svchost.exe' - '35' module(s) scanned
Scanning process 'nvvsvc.exe' - '25' module(s) scanned
Scanning process 'svchost.exe' - '40' module(s) scanned
Scanning process 'lsm.exe' - '22' module(s) scanned
Scanning process 'lsass.exe' - '61' module(s) scanned
Scanning process 'services.exe' - '35' module(s) scanned
Scanning process 'csrss.exe' - '14' module(s) scanned
Scanning process 'wininit.exe' - '26' module(s) scanned
Scanning process 'csrss.exe' - '14' module(s) scanned
Scanning process 'smss.exe' - '2' module(s) scanned

Starting the scan of the master boot sectors:
Master boot sector HD0
[INFO] No virus was found!

Starting the scan of the boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting the scan for references to executable files (registry):
The registry was scanned ( '1703' files ).


Starting the scan of the selected files:

Starting the scan in 'C:\'
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\5f9a8019-5d835470
[0] Archive type: ZIP
[DETECTION] Contains detection pattern of the Java virus JAVA/Rowindal.A
--> CustomClass.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Rowindal.A
--> dostuff.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Rowindal.B
--> mosdef.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.C
--> SiteError.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.D
--> SuperPolicy.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Rowindal.C
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\35e074ec-57a5cfd4
[0] Archive type: ZIP
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.HO
--> a2ea.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.HO
--> ab5a.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.HQ
--> ab66.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.2025
--> ac60.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.HR
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\412e85be-151e8af6
[0] Archive type: ZIP
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.BH
--> dev/s/AdgredY.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.BH
--> dev/s/DyesyasZ.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.M.2
--> dev/s/LoaderX.class
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.M.1
Starting the scan in 'D:\' <HP_RECOVERY>

Starting disinfection:
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\412e85be-151e8af6
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.M.1
[NOTE] The file was moved to the quarantine directory under the name '4803548a.qua'!
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\35e074ec-57a5cfd4
[DETECTION] Contains detection pattern of the Java virus JAVA/Agent.HR
[NOTE] The file was moved to the quarantine directory under the name '50a17b29.qua'!
C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\5f9a8019-5d835470
[DETECTION] Contains detection pattern of the Java virus JAVA/Rowindal.C
[NOTE] The file was moved to the quarantine directory under the name '02d221b2.qua'!


End of the scan: Monday, 8 November 2010 13:41
Time needed: 2:01:02 hour(s)

The scan was completed in full.

42233 directories were checked
960984 files were scanned
12 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
3 files were moved to quarantine
0 files were renamed
0 files could not be scanned
960972 files without infection
5321 archives were scanned
0 warnings
3 notes
813740 objects were scanned during the rootkit scan
2 hidden objects were found


Here is the Malwarebytes scan as well:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5073

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

08.11.2010 16:09:05
mbam-log-2010-11-08 (16-09-05).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 447456
Run time: 1 hour(s), 49 minute(s), 10 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 5
Registry values infected: 2
Registry data items infected: 0
Folders infected: 0
Files infected: 4

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\480ZC1S8\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken.


Thanks in advance for your help.

Regards
Piet
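The three Avira detections above all sit in the Java deployment cache under C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0, where cached applet and Web Start JARs are stored without a file extension next to an .idx metadata file. A responder usually wants to enumerate that cache independently of the AV verdict: find every entry that is really a ZIP archive, hash it, and list the class files inside. The script below is an added example (not part of the forum post and not Avira's tooling). It assumes that Java 6 cache layout, builds a throw-away cache directory with constructed JARs whose member names are copied from the Avira log, and flags archives that contain one of those names; the name list is an indicator only, not a signature.

```python
# Added example (not from the forum post, not Avira's tooling): triage a Java
# deployment cache such as C:\Users\HP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0.
# Entries are stored without extension beside an .idx sidecar; this walker finds
# ZIP-type entries by magic bytes, hashes them, lists their .class members and
# flags archives that contain class names reported in the Avira log above.
import hashlib
import io
import os
import tempfile
import zipfile
from dataclasses import dataclass, field

# Class names Avira reported in the first post; an indicator list, not proof.
KNOWN_FLAGGED_CLASSES = {
    "CustomClass.class", "dostuff.class", "mosdef.class", "SiteError.class",
    "SuperPolicy.class", "a2ea.class", "ab5a.class", "ab66.class", "ac60.class",
    "dev/s/AdgredY.class", "dev/s/DyesyasZ.class", "dev/s/LoaderX.class",
}
ZIP_MAGIC = b"PK\x03\x04"


@dataclass
class CacheEntry:
    path: str
    sha256: str
    classes: list = field(default_factory=list)
    flagged: list = field(default_factory=list)


def is_zip(path):
    with open(path, "rb") as fh:
        return fh.read(4) == ZIP_MAGIC


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inspect_archive(path):
    entry = CacheEntry(path=path, sha256=sha256_file(path))
    with zipfile.ZipFile(path) as zf:
        entry.classes = sorted(n for n in zf.namelist() if n.endswith(".class"))
    entry.flagged = [c for c in entry.classes if c in KNOWN_FLAGGED_CLASSES]
    return entry


def triage_cache(cache_root):
    """Return a CacheEntry for every ZIP-type object below cache_root."""
    results = []
    for dirpath, _, filenames in os.walk(cache_root):
        for name in filenames:
            if name.endswith(".idx"):          # metadata sidecar, never a JAR
                continue
            full = os.path.join(dirpath, name)
            if os.path.getsize(full) >= 4 and is_zip(full):
                try:
                    results.append(inspect_archive(full))
                except zipfile.BadZipFile:     # truncated or corrupt archive
                    continue
    return sorted(results, key=lambda e: e.path)


def flagged_entries(cache_root):
    return [e for e in triage_cache(cache_root) if e.flagged]


def make_jar(members):
    """Constructed JAR: only member names matter, bodies are placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"\xca\xfe\xba\xbe placeholder")
    return buf.getvalue()


def build_demo_cache():
    """Temporary cache tree modelled on two entries from the Avira log plus one
    entry with unremarkable class names (all constructed for this example)."""
    root = tempfile.mkdtemp(prefix="javacache-")
    samples = {
        os.path.join("25", "5f9a8019-5d835470"):
            ["CustomClass.class", "dostuff.class", "mosdef.class",
             "SiteError.class", "SuperPolicy.class"],
        os.path.join("62", "412e85be-151e8af6"):
            ["dev/s/AdgredY.class", "dev/s/DyesyasZ.class", "dev/s/LoaderX.class"],
        os.path.join("10", "0a0a0a0a-0b0b0b0b"):
            ["META-INF/MANIFEST.MF", "com/example/Applet.class"],
    }
    for rel, members in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(make_jar(members))
        open(path + ".idx", "wb").close()      # empty sidecar, skipped by the walker
    return root


if __name__ == "__main__":
    demo = build_demo_cache()
    for e in triage_cache(demo):
        status = "FLAGGED" if e.flagged else "ok"
        print(f"{status:8} {e.path}  sha256={e.sha256[:16]}  classes={e.classes}")
```

Pointing triage_cache at the real cache directory gives the SHA-256 of each cached JAR, which is what to submit or look up rather than the cache file name; the quarantine in the Avira run above removed only the three archives as a whole, so a second run after cleanup should return no flagged entries.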

09.11.2010, 01:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C



System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
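Before the OTL logs come back, the Malwarebytes report in the first post is worth reading mechanically: every finding line there ends in "No action taken", so that scan removed nothing, and all but one item hang off a single IE add-on CLSID under C:\Program Files\pdfforge Toolbar. The script below is an added example (not part of the forum post and not Malwarebytes' code) that parses MBAM finding lines of the form `<location> (<family>) -> <action>.`, splits registry from file locations, pulls out any CLSID, and reports what is still unremediated; the sample text is a constructed copy of eight lines from that log.

```python
# Added example (not from the forum post, not Malwarebytes' code): normalise
# Malwarebytes finding lines into records and report what was remediated.
# MBAM_SAMPLE is constructed from lines in the first post's Malwarebytes log.
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

MBAM_SAMPLE = """\
HKEY_CLASSES_ROOT\\CLSID\\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\SharedDLLs\\C:\\Program Files\\pdfforge Toolbar\\FF\\components\\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\\Program Files\\pdfforge Toolbar\\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\\Program Files\\pdfforge Toolbar\\IE\\1.1.2\\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\\Users\\HP\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\480ZC1S8\\OTL[1].exe (Trojan.Dropper.PGen) -> No action taken.
"""

# "<location> (<family>) -> <action>."  The location is matched lazily so the
# first " (" that is followed by a family name and " -> " ends it.
FINDING_RE = re.compile(r"^(?P<loc>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HIVES = ("HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS")


@dataclass(frozen=True)
class Finding:
    location: str
    family: str
    action: str
    kind: str                 # "registry" or "file"
    clsid: Optional[str]      # lower-cased CLSID found in the location, if any


def parse_finding(line):
    """Return a Finding for one MBAM finding line, or None for anything else."""
    m = FINDING_RE.match(line.strip())
    if not m:
        return None
    loc = m["loc"]
    kind = "registry" if loc.startswith(HIVES) else "file"
    c = CLSID_RE.search(loc)
    return Finding(loc, m["family"], m["action"], kind, c.group(0).lower() if c else None)


def parse_log(text):
    return [f for f in (parse_finding(line) for line in text.splitlines()) if f]


def unremediated(findings):
    """Items the scan reported but did not touch (MBAM writes 'No action taken')."""
    return [f for f in findings if f.action.lower() == "no action taken"]


def group_by_family(findings):
    groups = defaultdict(list)
    for f in findings:
        groups[f.family].append(f)
    return dict(groups)


def registration_points(findings, clsid):
    """Registry locations naming a CLSID, i.e. where an IE add-on is wired in."""
    wanted = clsid.lower()
    return [f.location for f in findings if f.kind == "registry" and f.clsid == wanted]


if __name__ == "__main__":
    findings = parse_log(MBAM_SAMPLE)
    for family, items in group_by_family(findings).items():
        left = sum(1 for i in items if i in unremediated(items))
        print(f"{family}: {len(items)} item(s), {left} not remediated")
    for loc in registration_points(findings, "{b922d405-6d13-4a2b-ae89-08a030da4402}"):
        print("  registered via", loc)
```

Grouping by family and CLSID is what turns eleven log lines into two decisions: one add-on (its BHO, toolbar, elevation-policy and shared-DLL registrations plus its files) and one separate file in the IE cache. Running the same parser over the log that MBAM writes after "Remove selected" shows whether the action column has changed from "No action taken".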

09.11.2010, 10:00   #3
Piet27
 
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C



Hello Cosinus,

attached is the OTL scan log.
OTL Logfile:
Code:
OTL logfile created on: 09.11.2010 10:38:21 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,12 Gb Total Space | 95,43 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PERPETUUM_MOBIL | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - c:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe (AOL LLC)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HP\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files\HP\QuickPlay\000.fcl (Cyberlink Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.10.09 07:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.17 06:11:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 20:45:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 20:45:15 | 000,000,000 | ---D | M]
 
[2009.02.10 00:04:21 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Extensions
[2010.11.09 10:36:13 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions
[2010.04.27 19:36:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.07 23:58:08 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2010.04.09 02:36:20 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\HP\AppData\Roaming\mozilla\Firefox\Profiles\gn2gx2tl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.17 14:44:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.24 19:23:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.19 22:33:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.17 21:31:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.17 14:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.12.01 08:47:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.10.22 11:47:32 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 11:47:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 11:47:32 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 11:47:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 11:47:32 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}] C:\Program Files\BRAVIS\Galaxee 4free\bravis.exe (BRAVIS GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0;  File not found
O4 - Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.27 06:31:59 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.05.28 20:02:25 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{03f20440-a409-11dd-9156-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03f20440-a409-11dd-9156-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.07.27 06:31:59 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{a974a9cc-a6cf-11df-8822-f185de0764f8}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.09 10:36:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2010.11.08 14:08:40 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2010.11.08 14:08:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.08 14:08:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.08 14:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.11.08 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.08 14:07:32 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\HP\Desktop\mbam-setup.exe
[2010.11.07 21:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.11.07 21:23:46 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\Samsung
[2010.11.07 21:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.11.07 21:20:24 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Downloaded Installations
[2010.11.07 11:54:45 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\My Art
[2010.11.07 11:53:18 | 000,000,000 | ---D | C] -- C:\Users\HP\Documents\NPS
[2010.11.07 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\PC Suite
[2010.11.07 11:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.11.05 10:25:07 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Avira
[2010.10.28 13:08:41 | 000,032,256 | ---- | C] (Darkfleet.de) -- C:\Users\HP\Desktop\DNPCGLauncher.exe
[2010.10.28 13:07:16 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\HP\Desktop\dotNetFx40_Full_setup.exe
[2010.10.27 12:26:06 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010.10.27 12:26:05 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 12:26:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.22 11:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.10.22 11:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.10.19 11:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.10.19 11:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.10.19 11:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.10.17 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Gogii
[2010.10.17 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Enlightenus2SE_BFG
[2010.10.17 14:43:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.17 14:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.17 14:43:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.17 13:40:49 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Vogat Interactive
[2010.10.17 13:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Flucht aus der Dunkelheit
[2010.10.17 12:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Robins Quest - Aufstieg einer Legende
[2010.10.17 11:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\Elixier der Unsterblichkeit
[2010.10.17 11:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Enlightenus II - Der ewige Turm
[2010.10.13 00:08:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 00:07:59 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.12 23:44:47 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.12 23:44:31 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.12 23:44:19 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.12 23:44:16 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.12 23:44:16 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.12 23:44:16 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.12 23:44:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.12 23:44:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.12 23:44:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.12 23:44:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.12 23:44:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.12 23:44:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.12 23:44:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.12 23:44:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.12 23:44:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.12 23:44:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.12 23:44:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.12 23:44:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.12 23:44:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.12 23:44:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.12 23:43:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.12 23:43:56 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.12 23:43:55 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.09 10:40:29 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D5D03B1D-F6F6-4927-ABA2-A822FA9CD2A6}.job
[2010.11.09 10:36:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2010.11.09 10:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.09 10:14:03 | 000,001,403 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010.11.09 10:13:45 | 000,047,842 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.09 10:13:45 | 000,047,842 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.09 10:13:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.09 09:00:53 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.09 08:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.09 08:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.09 08:57:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.09 08:56:58 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.08 21:44:34 | 000,001,932 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.08 14:07:36 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\HP\Desktop\mbam-setup.exe
[2010.11.07 21:27:20 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.11.07 13:39:41 | 173,838,160 | ---- | M] () -- C:\Users\HP\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2010.11.06 11:32:31 | 000,670,946 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.06 11:32:31 | 000,631,636 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.06 11:32:31 | 000,144,082 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.06 11:32:31 | 000,118,262 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.28 13:08:41 | 000,032,256 | ---- | M] (Darkfleet.de) -- C:\Users\HP\Desktop\DNPCGLauncher.exe
[2010.10.28 13:07:26 | 000,889,416 | ---- | M] (Microsoft Corporation) -- C:\Users\HP\Desktop\dotNetFx40_Full_setup.exe
[2010.10.28 11:56:48 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.10.28 11:56:48 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.10.19 11:17:33 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.19 11:14:23 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.17 16:07:52 | 000,024,576 | ---- | M] () -- C:\Users\HP\Desktop\Comenius Beirat 1.doc
[2010.10.16 06:25:34 | 000,145,835 | ---- | M] () -- C:\Users\HP\Desktop\zeichentabelle.pdf
[2010.10.13 06:52:09 | 000,330,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.11.07 21:27:20 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.11.07 13:39:32 | 173,838,160 | ---- | C] () -- C:\Users\HP\Desktop\New_PC_Studio_1.5.1.10064_2.exe
[2010.10.22 11:52:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010.10.22 11:52:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010.10.19 11:17:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.10.19 11:14:23 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.10.17 16:30:23 | 000,024,576 | ---- | C] () -- C:\Users\HP\Desktop\Comenius Beirat 1.doc
[2010.10.16 06:25:34 | 000,145,835 | ---- | C] () -- C:\Users\HP\Desktop\zeichentabelle.pdf
[2010.09.23 11:05:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.07.26 14:50:05 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010.07.23 12:17:46 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.23 12:17:45 | 000,139,152 | ---- | C] () -- C:\Users\HP\AppData\Roaming\PnkBstrK.sys
[2010.06.24 18:16:03 | 000,000,000 | ---- | C] () -- C:\Windows\galaxy.ini
[2010.05.21 18:16:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.21 18:16:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.01.20 07:15:05 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\FnF4.txt
[2009.09.23 23:55:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.09.22 13:12:14 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini
[2009.08.05 18:57:54 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.08.05 18:52:07 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2009.05.08 08:24:48 | 000,009,632 | ---- | C] () -- C:\Windows\System32\drivers\fiddrv.sys
[2009.04.06 16:48:22 | 000,012,524 | ---- | C] () -- C:\Users\HP\AppData\Roaming\elisa.xml
[2009.04.06 16:43:09 | 000,000,768 | ---- | C] () -- C:\Users\HP\AppData\Roaming\users.xml
[2009.03.23 20:19:58 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.14 19:29:01 | 000,000,858 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.01.12 14:36:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.01.12 14:22:41 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.12 14:22:41 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.12.27 14:22:23 | 000,000,982 | ---- | C] () -- C:\Windows\EF.ini
[2008.12.25 10:57:24 | 000,000,174 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.12.17 21:10:25 | 000,028,915 | ---- | C] () -- C:\Users\HP\AppData\Roaming\UserTile.png
[2008.12.13 12:30:47 | 000,091,136 | ---- | C] () -- C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.27 15:32:37 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Roaming\wklnhst.dat
[2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\QSwitch.txt
[2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\DSwitch.txt
[2008.10.27 11:56:20 | 000,000,000 | ---- | C] () -- C:\Users\HP\AppData\Local\AtStart.txt
[2008.09.27 00:46:15 | 000,047,842 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.09.27 00:46:14 | 000,047,842 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.01.21 03:24:14 | 000,069,632 | ---- | C] () -- C:\Windows\System32\rasqec.dll
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:30:20 | 000,140,776 | ---- | C] () -- C:\Windows\System32\halacpi.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:059167AF
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6AF67671
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DA18D4E3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:596E2371
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:68A56598
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9F38BF31
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:054F0F17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B

< End of report >
         
--- --- ---



Here is the Extras log as well
OTL Logfile:
Code:
OTL Extras logfile created on: 09.11.2010 10:38:21 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289,12 Gb Total Space | 95,43 Gb Free Space | 33,01% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive E: | 2,44 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PERPETUUM_MOBIL | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5619A369-7009-4E5B-932F-EE8A12868DFF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73526175-250A-4798-BAB6-6D82636F8BBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FAEB6E-2B9C-4F5A-AFBE-943AA4E7F561}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{0218A856-8A35-4F64-A8E4-A3A07D80F001}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{050E6B41-AF96-4EB5-8EC0-3A0DCC97DB1D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{0666893D-F1EC-42BB-8486-5A93EF43B742}" = protocol=17 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe | 
"{1377E317-E405-4442-A707-10054D28C77D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{188638BF-DA7C-4BE6-9F70-B1594DB21BFE}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{2588108E-573D-40B1-B868-9B45FD9EFB87}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{28FE9A14-15F2-4045-9C0D-BF1F83D95218}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{2FC616A3-0BCD-4071-B8AB-185F7E742DB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{32DFA05E-FCBE-4BB6-A749-D7CF03DB7E48}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{348E05E0-08F3-4CCE-B3EA-89843266FC99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3B978E5F-113E-4AFA-8C7A-58F0B657A4FD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{3E98D450-41C7-416C-9FEE-093A2CA0B896}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{4065964B-21F1-4B06-A860-BC4ABCE333E5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{412AD225-CD63-4234-A6C4-7D56D1C8CE44}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{44242020-8F3E-4245-A40E-61B3986B47A6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{45AD6D9B-78A0-4639-A889-BAC742951CAB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{4C42FDCA-3D16-478D-9517-82FF50112C84}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4E7967EF-971B-4562-9467-0E0A0EF9ED41}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{5375EF57-FA49-46D2-8D26-8AEFF09C4A04}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{5C658C64-4F1D-4C39-94E9-A859EB5DE144}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{5DCF0BD7-BCDC-4BD7-B2FB-A1FE4DE76765}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5E208F55-C435-49D0-AA06-A9F5E3C8EC4E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5F777A5C-DAF8-4DC3-A382-69CE3D9608E7}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{65DFC601-97EF-48B4-9589-FA0C8DBCEC98}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{748B55E8-FD40-47DE-8FD0-C853F3D15BE6}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{7CCE3431-4CF2-4B94-8163-B17D5DCFE79B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{81D00DCB-06D3-4D99-AA36-4E5AFB42CEF7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{9308C751-0985-43FB-81A7-61E1B717DE20}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{95F06B91-F52E-49C7-8585-891151474AC7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{9CC07867-A3FC-42E2-A91C-0832983361F4}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A619F510-808A-4100-B717-241278A59F9A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B231BE95-C646-4461-A052-17117365E9CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B2489612-AB6D-4B8B-B6E8-D3AA5838CD1B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{B812387E-9083-465B-9293-C5D5470A6140}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8A87A34-C081-46DA-81A8-5ABC68FC1A23}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C665F790-F974-40A6-94E1-5FFBB59337B9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{CCD159C1-8773-4170-96C4-D8DD6640884B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CF00AD47-4950-4A30-9FEA-2F830BBE7AA7}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{D44B9C7B-2280-4C2A-87A7-51486562DE76}" = protocol=6 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe | 
"{DC854184-B296-44F5-A9DE-676732E9E9B8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E226DB3C-0D4C-4567-A648-735CDF13B2B8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{EA15C3B4-4FB6-4CE2-8B1F-5DBB462E43E0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{EC735C01-AA50-4423-B6EF-9D9F5C985635}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F408DB27-8FC7-4025-97C3-BCE0A1F22905}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{F73B3414-05D9-4416-9F23-6A2617B0D88E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{FB3C5A93-179D-49D4-9BBC-20D497C20F5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"TCP Query User{0588ED9E-C2E9-47FF-B0D2-A8EE266C26C8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{2EBA2BB1-E1E1-40C3-82AE-F503B4A5D5F1}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{4145B1B4-36C0-45C2-BCE5-1FEA9917A06A}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{4BA3638B-C3D8-48D6-8F7A-54F1E3C58A79}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{538DD0CE-4B31-4515-A889-AF934A637656}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{576A4189-452F-4397-960F-E7F59792611A}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{5C691124-33DA-4A88-B4B8-9A00B69E6BB6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{84AC26ED-9957-44EB-A2AC-B399EDED2DEA}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{C1828ED9-12AF-4A60-A201-F1E8F8415037}C:\program files\bravis\galaxee 4free\bravis.exe" = protocol=6 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe | 
"TCP Query User{FCD99118-C5F3-4943-93FE-6AAD06ED9F72}C:\alien arena 7_33\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_33\crx.exe | 
"UDP Query User{3035C961-2D02-4196-8C3E-98FE8D081232}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{629B90C6-1E9E-4CB2-B8E4-D58D6863FF8A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{6CC46E87-9C38-4EBF-A76E-1E7041499CAD}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{ADE4C434-23EE-4B0F-8782-FEDAC670E0C6}C:\program files\bravis\galaxee 4free\bravis.exe" = protocol=17 | dir=in | app=c:\program files\bravis\galaxee 4free\bravis.exe | 
"UDP Query User{AEDFF2C7-65A8-4480-B54B-004B260FD53A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{AF70CF84-9284-41FA-A081-2941C7AC211D}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{C19935ED-C26A-4266-8500-428D1ADBAE7C}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{C3628AD2-BF1C-4CF1-8ACF-8AE242F1349D}C:\alien arena 7_33\crx.exe" = protocol=17 | dir=in | app=c:\alien arena 7_33\crx.exe | 
"UDP Query User{ED862670-A864-4DA4-B73B-0013782C80E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{F6102C32-6F7B-4A08-9AC7-51405E14F2D4}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1A5D65E1-B438-4148-97E3-1BC3627BEC71}" = DigitalPersona Personal 4.11
"{1B4E3046-4982-4436-8B6F-2EE4F63326C9}" = Wendy
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5E30BDEB-9307-11D4-9AE0-006067325E47}" = Baldur's Gate(TM) II - Schatten von Amn(TM)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7C1824FC-B3EA-DF3F-BCC5-ED8BE0FB74B2}" = Anubis - Das Geheimnis des Osiris
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96E44EA5-13F8-491A-8EAC-67C5FA8D90B5}_is1" = Get7
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB65E3C5-8219-11D7-AA55-00E07DDCAF19}" = Lernspaß 2
"{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}" = BRAVIS Galaxee 4free
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{F00367CA-4E3F-4646-818A-02478313B6E6}" = Movavi Video Converter 8
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"4StoryDE_is1" = 4Story 3.3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Adventure Chronicles - Die Suche nach dem verlorenen Schatz" = Adventure Chronicles: Die Suche nach dem verlorenen Schatz
"BFG-Annabel" = Annabel
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFGC" = Big Fish Games: Game Manager
"BFG-Club der Ermittlerinnen - Tod in Scharlach" = Club der Ermittlerinnen: Tod in Scharlach
"BFG-Die Schatzsucher - Visionen des Goldes" = Die Schatzsucher: Visionen des Goldes ™
"BFG-Die Schatzsucher 3 - Auf den Spuren der Geister" = Die Schatzsucher 3: Auf den Spuren der Geister
"BFG-Drawn - Flucht aus der Dunkelheit" = Drawn: &reg; Flucht aus der Dunkelheit
"BFG-Elixier der Unsterblichkeit" = Elixier der Unsterblichkeit
"BFG-Enlightenus II - Der ewige Turm" = Enlightenus II: Der ewige Turm
"BFG-Flux Family Secrets - The Ripple Effect" = Flux Family Secrets: The Ripple Effect
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Mystery Case Files - Rueckkehr nach Ravenhearst" = Mystery Case Files: R&uuml;ckkehr nach Ravenhearst ™
"BFG-Prinzessin Isabella und der Fluch der Hexe" = Prinzessin Isabella und der Fluch der Hexe
"BFG-Robins Quest - Aufstieg einer Legende" = Robin's Quest: Aufstieg einer Legende
"BFG-Safecracker" = Safecracker
"BFG-Yard Sale Hidden Treasures - Sunnyville" = Yard Sale Hidden Treasures: Sunnyville
"BFG-Youda Farmer" = Youda Farmer
"CCleaner" = CCleaner
"Coffee Shop" = Coffee Shop
"de.studio100.anubis.geheimnisosiris.ECD972C667655AB064366A82A4411E55DF698589.1" = Anubis - Das Geheimnis des Osiris
"Dethkarz" = Dethkarz
"Die Sims" = Die Sims
"DRK Bildschirmschoner_is1" = DRK Bildschirmschoner
"EA Download Manager" = EA Download Manager
"Elite Force" = Elite Force
"FLVPlayer" = FLV Player 1.3.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.5
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LogonStudio Vista" = LogonStudio Vista
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 13140" = America's Army 3
"SWAT3" = SWAT3
"Synthesia" = Synthesia (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Best regards
Piet
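The two firewall exception lists in the Extras log above are OTL's text rendering of the FirewallRules registry key: the value name in quotes, then pipe-separated key=value fields (protocol 6 is TCP, 17 is UDP, no protocol field means any; lport is the local port; app or svc names what the rule admits). The parser below is an added example, not part of the thread and not OTL code, that turns lines in that format into records and flags rules whose program lives outside the usual installation directories, which is a quick way to spot an odd exception while reading such a log. The sample lines are constructed to match the shapes seen above (not the full list), and the trusted-prefix list is this example's own assumption; in this log the only hit is a game installed directly under C:\, which is unusual rather than malicious, so treat the flag as a triage aid and not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the format of OTL's "Vista Active ... Exception List" sections.
# Shapes copied from the log above; not the complete rule set from the machine.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1377E317-E405-4442-A707-10054D28C77D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{5619A369-7009-4E5B-932F-EE8A12868DFF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{5CB26342-473C-436A-818A-D8DC91F8C91D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"TCP Query User{FCD99118-C5F3-4943-93FE-6AAD06ED9F72}C:\alien arena 7_33\crx.exe" = protocol=6 | dir=in | app=c:\alien arena 7_33\crx.exe | 
"{00FAEB6E-2B9C-4F5A-AFBE-943AA4E7F561}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
'''

# IANA protocol numbers as they appear in the log; anything else is treated as "any".
PROTOCOL_NAMES = {"6": "TCP", "17": "UDP"}

# Assumed "normal" install locations for this illustration (lower-case, trailing backslash).
TRUSTED_PREFIXES: Tuple[str, ...] = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# One rule line: a quoted value name, "=", then the pipe-separated field list.
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


@dataclass
class FirewallRule:
    name: str
    direction: str
    protocol: str            # "TCP", "UDP" or "any"
    app: Optional[str]       # program path, "system", or None when only a service is named
    service: Optional[str]
    local_port: Optional[int]


def parse_rules(text: str) -> List[FirewallRule]:
    """Parse OTL firewall-rule lines; registry key headers and blank lines are skipped."""
    rules: List[FirewallRule] = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" not in part:          # trailing empty element after the last pipe
                continue
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
        lport = fields.get("lport")
        rules.append(FirewallRule(
            name=m.group("name"),
            direction=fields.get("dir", "?"),
            protocol=PROTOCOL_NAMES.get(fields.get("protocol", ""), "any"),
            app=fields.get("app"),
            service=fields.get("svc"),
            local_port=int(lport) if lport and lport.isdigit() else None,
        ))
    return rules


def suspicious_rules(rules: List[FirewallRule],
                     trusted_prefixes: Tuple[str, ...] = TRUSTED_PREFIXES) -> List[FirewallRule]:
    """Rules whose program path is not under one of the trusted prefixes.

    Rules for the kernel ("system") or without a program path are left alone.
    """
    flagged = []
    for rule in rules:
        if rule.app is None or rule.app.lower() == "system":
            continue
        if not rule.app.lower().startswith(trusted_prefixes):
            flagged.append(rule)
    return flagged


def protocol_counts(rules: List[FirewallRule]) -> Counter:
    """How many rules admit TCP, UDP or any protocol; handy for a first glance at a long list."""
    return Counter(rule.protocol for rule in rules)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_LOG)
    print(f"{len(parsed)} rules, by protocol: {dict(protocol_counts(parsed))}")
    for rule in suspicious_rules(parsed):
        print(f"outside trusted dirs: {rule.protocol:3} {rule.direction} {rule.app}")
```

Run it against the two exception-list sections of a real OTL Extras log by replacing SAMPLE_LOG with the file's contents; the registry key headers and section banners are ignored by the regex, so the sections can be pasted in as they are.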

10.11.2010, 06:37   #4
cosinus
 
Virus found: JAVA/Agent.HR, JAVA/Agent.M.1, JAVA/Rowindal.C

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2009.09.22 13:12:33 | 000,005,059 | ---- | C] () -- C:\ProgramData\ypkpiykb.yyr
[2009.09.22 13:12:14 | 000,000,036 | ---- | C] () -- C:\Windows\IniFile1.ini
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:55BB2521
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:059167AF
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:C22674B6
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:43982D5E
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:6F55EB66
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:6AF67671
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:DA18D4E3
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:91DEEE71
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:041C0562
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:596E2371
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:6017A808
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:C10635F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D8D58038
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:68A56598
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DD04902E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9F38BF31
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:870649A4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4C528C86
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CB16385F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C6EBC69
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:054F0F17
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:1ECED34B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B8384DB6
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:7FCB9D0D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D2397415
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B2735F9E
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:5E9B629B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:109734F6
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8B4B9596
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:7A0FEE87
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0ED4AC2F
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2BC498A4
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5D351BC6
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:B2CD146E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:DFC3B090
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:27D1368B
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Old 10.11.2010, 07:35   #5
Piet27
 
Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C



Hi Cosinus,

here is the OTL log according to the specifications you gave:

Code:
All processes killed
========== OTL ==========
C:\ProgramData\ypkpiykb.yyr moved successfully.
C:\Windows\IniFile1.ini moved successfully.
ADS C:\ProgramData\TEMP:55BB2521 deleted successfully.
ADS C:\ProgramData\TEMP:7A0EFE63 deleted successfully.
ADS C:\ProgramData\TEMP:059167AF deleted successfully.
ADS C:\ProgramData\TEMP:C9FD258B deleted successfully.
ADS C:\ProgramData\TEMP:C22674B6 deleted successfully.
ADS C:\ProgramData\TEMP:43982D5E deleted successfully.
ADS C:\ProgramData\TEMP:A3B8F70C deleted successfully.
ADS C:\ProgramData\TEMP:7B52659E deleted successfully.
ADS C:\ProgramData\TEMP:3D36932D deleted successfully.
ADS C:\ProgramData\TEMP:3E06C78F deleted successfully.
ADS C:\ProgramData\TEMP:6F55EB66 deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:6AF67671 deleted successfully.
ADS C:\ProgramData\TEMP:DA18D4E3 deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
ADS C:\ProgramData\TEMP:91DEEE71 deleted successfully.
ADS C:\ProgramData\TEMP:041C0562 deleted successfully.
ADS C:\ProgramData\TEMP:596E2371 deleted successfully.
ADS C:\ProgramData\TEMP:E14FA16F deleted successfully.
ADS C:\ProgramData\TEMP:61AF2B29 deleted successfully.
ADS C:\ProgramData\TEMP:6017A808 deleted successfully.
ADS C:\ProgramData\TEMP:C10635F6 deleted successfully.
ADS C:\ProgramData\TEMP:8944C195 deleted successfully.
ADS C:\ProgramData\TEMP:700B9342 deleted successfully.
ADS C:\ProgramData\TEMP:61B54B15 deleted successfully.
ADS C:\ProgramData\TEMP:E80802C7 deleted successfully.
ADS C:\ProgramData\TEMP:0E684AC9 deleted successfully.
ADS C:\ProgramData\TEMP:D8D58038 deleted successfully.
ADS C:\ProgramData\TEMP:68A56598 deleted successfully.
ADS C:\ProgramData\TEMP:DD04902E deleted successfully.
ADS C:\ProgramData\TEMP:9F38BF31 deleted successfully.
ADS C:\ProgramData\TEMP:9D03192E deleted successfully.
ADS C:\ProgramData\TEMP:569CEE83 deleted successfully.
ADS C:\ProgramData\TEMP:870649A4 deleted successfully.
ADS C:\ProgramData\TEMP:4C528C86 deleted successfully.
ADS C:\ProgramData\TEMP:A4AF8D0D deleted successfully.
ADS C:\ProgramData\TEMP:38B32B54 deleted successfully.
ADS C:\ProgramData\TEMP:206470A5 deleted successfully.
ADS C:\ProgramData\TEMP:CB16385F deleted successfully.
ADS C:\ProgramData\TEMP:C72A744C deleted successfully.
ADS C:\ProgramData\TEMP:5C6EBC69 deleted successfully.
ADS C:\ProgramData\TEMP:260575F1 deleted successfully.
ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully.
ADS C:\ProgramData\TEMP:054F0F17 deleted successfully.
ADS C:\ProgramData\TEMP:BD27B7FC deleted successfully.
ADS C:\ProgramData\TEMP:B845F669 deleted successfully.
ADS C:\ProgramData\TEMP:1ECED34B deleted successfully.
ADS C:\ProgramData\TEMP:B8384DB6 deleted successfully.
ADS C:\ProgramData\TEMP:9ACB70D7 deleted successfully.
ADS C:\ProgramData\TEMP:7FCB9D0D deleted successfully.
ADS C:\ProgramData\TEMP:D2397415 deleted successfully.
ADS C:\ProgramData\TEMP:B2735F9E deleted successfully.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:0F0A5896 deleted successfully.
ADS C:\ProgramData\TEMP:5E9B629B deleted successfully.
ADS C:\ProgramData\TEMP:109734F6 deleted successfully.
ADS C:\ProgramData\TEMP:8B4B9596 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:6BF0805F deleted successfully.
ADS C:\ProgramData\TEMP:24FECE50 deleted successfully.
ADS C:\ProgramData\TEMP:D507B5A8 deleted successfully.
ADS C:\ProgramData\TEMP:C8E82994 deleted successfully.
ADS C:\ProgramData\TEMP:95198126 deleted successfully.
ADS C:\ProgramData\TEMP:7A0FEE87 deleted successfully.
ADS C:\ProgramData\TEMP:0ED4AC2F deleted successfully.
ADS C:\ProgramData\TEMP:43301D1D deleted successfully.
ADS C:\ProgramData\TEMP:FC4EA67C deleted successfully.
ADS C:\ProgramData\TEMP:848CC150 deleted successfully.
ADS C:\ProgramData\TEMP:2BC498A4 deleted successfully.
ADS C:\ProgramData\TEMP:5D351BC6 deleted successfully.
ADS C:\ProgramData\TEMP:53DF59D1 deleted successfully.
ADS C:\ProgramData\TEMP:B2CD146E deleted successfully.
ADS C:\ProgramData\TEMP:DFC3B090 deleted successfully.
ADS C:\ProgramData\TEMP:27D1368B deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Elisa
->Temp folder emptied: 50451909 bytes
->Temporary Internet Files folder emptied: 57575235 bytes
->Java cache emptied: 49754667 bytes
->Flash cache emptied: 19884 bytes
 
User: HP
->Temp folder emptied: 3815607 bytes
->Temporary Internet Files folder emptied: 533290350 bytes
->Java cache emptied: 79867190 bytes
->FireFox cache emptied: 103357984 bytes
->Flash cache emptied: 610059 bytes
 
User: Melone
->Temp folder emptied: 33218 bytes
->Temporary Internet Files folder emptied: 33360 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 717892491 bytes
RecycleBin emptied: 5318705 bytes
 
Total Files Cleaned = 1.528,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 11102010_080236

Files\Folders moved on Reboot...
File\Folder C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(23)\Content.IE5\AYBWL5RN\15_1584503_0_170_AdId=2764909;BnId=1;itime=125226076;key=asab_3039m+isBetting+WLTRUE0+WLTRUE1+WLTRUE2+WLTRUE3+WLTRUE4+WLTRUE5+WLTRUE6+WLTRUE7;link=;ord=125226076[1] not found!
File\Folder C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(23)\Content.IE5\9MAUG1NL\15_1584503_0_170_AdId=2764909;BnId=1;itime=127035849;key=asab_3039m+isBetting+WLTRUE0+WLTRUE1+WLTRUE2+WLTRUE3+WLTRUE4+WLTRUE5+WLTRUE6+WLTRUE7;link=;ord=127035849[1] not found!

Registry entries deleted on Reboot...
         

Regards, Piet


Old 10.11.2010, 07:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________

Old 10.11.2010, 10:19   #7
Piet27
 
Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C



So Cosinus, here is the CF report:

Combofix Logfile:
Code:
ComboFix 10-11-09.01 - HP 10.11.2010  10:49:39.1.2 - x86
ausgeführt von:: c:\users\HP\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\HP\AppData\Roaming\.#
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72960.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A72990.###
c:\users\HP\AppData\Roaming\.#\MBX@AE8@1A729C0.###

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_usnjsvc


(((((((((((((((((((((((   Dateien erstellt von 2010-10-10 bis 2010-11-10  ))))))))))))))))))))))))))))))
.

2010-11-10 07:02 . 2010-11-10 07:02	--------	d-----w-	C:\_OTL
2010-11-09 08:04 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A0C16EC-B731-4D4F-A4E1-7B4D0B66BBF9}\mpengine.dll
2010-11-08 13:08 . 2010-11-08 13:08	--------	d-----w-	c:\users\HP\AppData\Roaming\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 13:08 . 2010-11-08 13:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-11-08 13:08 . 2010-11-08 13:08	--------	d-----w-	c:\programdata\Malwarebytes
2010-11-08 13:08 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-11-07 20:25 . 2010-11-07 20:25	--------	d-----w-	c:\programdata\Samsung
2010-11-07 20:23 . 2010-11-07 20:23	--------	d-----w-	c:\program files\MarkAny
2010-11-07 20:20 . 2010-11-07 20:20	--------	d-----w-	c:\users\HP\AppData\Local\Downloaded Installations
2010-11-07 10:51 . 2010-11-07 10:51	--------	d-----w-	c:\users\HP\AppData\Roaming\PC Suite
2010-11-07 10:51 . 2010-11-07 10:51	--------	d-----w-	c:\programdata\PC Suite
2010-11-05 09:25 . 2010-11-05 09:25	--------	d-----w-	c:\users\HP\AppData\Roaming\Avira
2010-10-27 11:26 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-10-27 11:26 . 2010-08-26 16:33	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-27 11:26 . 2010-08-26 14:23	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 10:52 . 2010-10-28 10:56	--------	d-----w-	c:\program files\McAfee Security Scan
2010-10-22 10:52 . 2010-10-22 10:52	--------	d-----w-	c:\programdata\McAfee Security Scan
2010-10-19 10:16 . 2010-10-19 10:16	--------	d-----w-	c:\program files\iPod
2010-10-19 10:10 . 2010-10-19 10:10	--------	d-----w-	c:\program files\Bonjour
2010-10-17 22:33 . 2010-10-17 22:33	--------	d-----w-	c:\users\HP\AppData\Roaming\Gogii
2010-10-17 21:32 . 2010-10-17 21:33	--------	d-----w-	c:\users\HP\AppData\Roaming\Enlightenus2SE_BFG
2010-10-17 12:40 . 2010-10-17 12:40	--------	d-----w-	c:\users\HP\AppData\Roaming\Vogat Interactive
2010-10-17 12:22 . 2010-10-17 12:23	--------	d-----w-	c:\program files\Drawn - Flucht aus der Dunkelheit
2010-10-17 11:50 . 2010-10-17 11:51	--------	d-----w-	c:\program files\Robins Quest - Aufstieg einer Legende
2010-10-17 10:49 . 2010-10-17 10:49	--------	d-----w-	c:\program files\Elixier der Unsterblichkeit
2010-10-17 10:08 . 2010-10-17 10:09	--------	d-----w-	c:\program files\Enlightenus II - Der ewige Turm
2010-10-12 23:08 . 2010-08-31 15:46	954752	----a-w-	c:\windows\system32\mfc40.dll
2010-10-12 23:07 . 2010-08-31 15:46	954288	----a-w-	c:\windows\system32\mfc40u.dll
2010-10-12 22:43 . 2010-08-31 13:27	2038272	----a-w-	c:\windows\system32\win32k.sys
2010-10-12 22:43 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-10-12 22:43 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-10-12 22:43 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-10-03 06:12	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-09-15 02:50 . 2010-04-19 21:33	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 11:26	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 11:26	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 11:26	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 11:26	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 12:42	128000	----a-w-	c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-24 1242448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}"="c:\program files\BRAVIS\Galaxee 4free\bravis.exe" [2009-12-18 7696704]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-17 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-1-16 727592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c998ca40d6bbff;Google Update Service (gupdate1c998ca40d6bbff);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [2009-03-02 81920]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners

2010-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 08:43]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]

2010-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 10:57]

2010-11-10 c:\windows\Tasks\User_Feed_Synchronization-{D5D03B1D-F6F6-4927-ABA2-A822FA9CD2A6}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\gn2gx2tl.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-NPSStartup - (no file)
AddRemove-{495A8A3C-8FD0-4C46-9979-95C26181A1AB} - c:\program files\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe



**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:62,90,6d,62,73,1e,44,2f,5b,c4,ea,1f,25,1a,61,80,7f,59,17,46,33,0c,c2,
   d1,80,70,67,b8,85,23,cc,f4,49,8e,d3,8a,75,21,58,bf,7c,93,22,7a,98,9a,e9,a2,\
"??"=hex:4c,29,47,78,35,42,bc,1b,86,e3,61,d6,a0,f3,53,d9

[HKEY_USERS\S-1-5-21-4170765611-3392074641-2950244348-1000\Software\SecuROM\License information*]
"datasecu"=hex:ee,ec,63,04,56,e2,46,56,25,87,0c,dc,78,85,72,6b,5b,5f,79,c7,b8,
   6e,c1,66,78,4e,89,d7,93,27,0f,40,99,b7,4e,f7,15,5a,de,ea,cd,cb,a8,d7,ca,8e,\
"rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5560)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-10  11:13:13 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-11-10 10:12

Vor Suchlauf: 19 Verzeichnis(se), 103.797.641.216 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 103.970.107.392 Bytes frei

- - End Of File - - EA7741343CF20539E0E51E98EE130598
         
--- --- ---



Regards

Old 10.11.2010, 10:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C



OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run the second time either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards please download MBRCheck (by a_d_13) and save the file on the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Old 10.11.2010, 11:49   #9
Piet27
 
Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C



Here are the next logs:

GMER Log

GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-10 12:25:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.12.0
Running: 0d5sdtks.exe; Driver: C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys


---- Kernel code sections - GMER 1.0.15 ----

        C:\Program Files\HP\QuickPlay\000.fcl                                                            entry point in "" section [0xA3178000]
.clc    C:\Program Files\HP\QuickPlay\000.fcl                                                            unknown last section [0xA3179000, 0x1000, 0x00000000]

---- Devices - GMER 1.0.15 ----

Device  \Driver\BTHUSB \Device\000001e0                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186ba60a8                      
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186ba60a8@a8f274db83d9         0x42 0x69 0xCF 0x38 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186ba60a8 (not active ControlSet)  
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186ba60a8@a8f274db83d9             0x42 0x69 0xCF 0x38 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM Log

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:41:12 on 10.11.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.12

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ArcSoft Magic-I Visual Effect" (ArcSoftKsUFilter) - "ArcSoft, Inc." - C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\Windows\system32\drivers\EagleNT.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"pwnyrfog" (pwnyrfog) - ? - C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"USB PC Camera (SNPSTD3)" (SNPSTD3) - ? - C:\Windows\System32\DRIVERS\snpstd3.sys  (File not found)
"{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"NeoTrace It!" - ? - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm  (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} "GMNRev Class" - "Hewlett-Packard" - C:\Program Files\HP\Common\HPGMNRev.dll / hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7C554162-8CB7-45A4-B8F4-8EA1C75885F9} "AOL Toolbar BHO" - "AOL LLC" - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
{395610AE-C624-4f58-B89E-23733EA00F9A} "DigitalPersona Personal Extension" - "DigitalPersona, Inc." - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
"ISUSPM" - "Macrovision Corporation" - "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
"Steam" - "Valve Corporation" - "C:\Program Files\Steam\Steam.exe" -silent
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}" - "BRAVIS GmbH" - "C:\Program Files\BRAVIS\Galaxee 4free\bravis.exe" --autostart
"DpAgent" - "DigitalPersona, Inc." - C:\Program Files\DigitalPersona\Bin\dpagent.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QPService" - "CyberLink Corp." - "C:\Program Files\HP\QuickPlay\QPService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128" (DpHost) - "DigitalPersona, Inc." - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c998ca40d6bbff)" (gupdate1c998ca40d6bbff) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"QuickPlay Background Capture Service (QBCS)" (QPCapSvc) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
"QuickPlay Task Scheduler (QTS)" (QPSched) - ? - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Validity Fingerprint Service" (vfsFPService) - "Validity Sensors, Inc." - C:\Windows\system32\vfsFPService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


MBRCheck

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Quanta
BIOS Manufacturer:		Hewlett-Packard
System Manufacturer:		Hewlett-Packard
System Product Name:		HP Pavilion dv5 Notebook PC
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 214):
  0x8284E000 \SystemRoot\system32\ntkrnlpa.exe
  0x8281B000 \SystemRoot\system32\hal.dll
  0x80408000 \SystemRoot\system32\kdcom.dll
  0x8040F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047F000 \SystemRoot\system32\PSHED.dll
  0x80490000 \SystemRoot\system32\BOOTVID.dll
  0x80498000 \SystemRoot\system32\CLFS.SYS
  0x804D9000 \SystemRoot\system32\CI.dll
  0x8060E000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8068A000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80697000 \SystemRoot\system32\drivers\acpi.sys
  0x806DD000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E6000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EE000 \SystemRoot\system32\drivers\pci.sys
  0x80715000 \SystemRoot\system32\drivers\isapnp.sys
  0x80724000 \SystemRoot\system32\drivers\mpio.sys
  0x80740000 \SystemRoot\System32\drivers\partmgr.sys
  0x8074F000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80752000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8075C000 \SystemRoot\system32\drivers\volmgr.sys
  0x8076B000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807B5000 \SystemRoot\system32\drivers\intelide.sys
  0x807BC000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807CA000 \SystemRoot\system32\drivers\pciide.sys
  0x807D1000 \SystemRoot\system32\drivers\aliide.sys
  0x807D8000 \SystemRoot\system32\drivers\amdide.sys
  0x807DF000 \SystemRoot\system32\drivers\cmdide.sys
  0x807E7000 \SystemRoot\System32\drivers\mountmgr.sys
  0x805B9000 \SystemRoot\system32\drivers\msdsm.sys
  0x805D3000 \SystemRoot\system32\drivers\nvraid.sys
  0x82E06000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x82E27000 \SystemRoot\system32\drivers\viaide.sys
  0x82E2F000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x82EFD000 \SystemRoot\system32\drivers\iastorv.sys
  0x82F9E000 \SystemRoot\system32\drivers\atapi.sys
  0x82FA6000 \SystemRoot\system32\drivers\ataport.SYS
  0x82FC4000 \SystemRoot\system32\drivers\lsi_scsi.sys
  0x84001000 \SystemRoot\system32\drivers\storport.sys
  0x84042000 \SystemRoot\system32\drivers\nvstor.sys
  0x8404F000 \SystemRoot\system32\drivers\msahci.sys
  0x84059000 \SystemRoot\system32\drivers\hpcisss.sys
  0x84064000 \SystemRoot\system32\drivers\adp94xx.sys
  0x840CE000 \SystemRoot\system32\drivers\adpahci.sys
  0x8411A000 \SystemRoot\system32\drivers\adpu160m.sys
  0x84135000 \SystemRoot\system32\drivers\SCSIPORT.SYS
  0x8415B000 \SystemRoot\system32\drivers\adpu320.sys
  0x84181000 \SystemRoot\system32\drivers\djsvs.sys
  0x84195000 \SystemRoot\system32\drivers\arc.sys
  0x841AB000 \SystemRoot\system32\drivers\arcsas.sys
  0x84208000 \SystemRoot\system32\drivers\elxstor.sys
  0x8429C000 \SystemRoot\system32\drivers\i2omp.sys
  0x842A6000 \SystemRoot\system32\drivers\iirsp.sys
  0x842B6000 \SystemRoot\system32\drivers\iteatapi.sys
  0x842C2000 \SystemRoot\system32\drivers\iteraid.sys
  0x842CE000 \SystemRoot\system32\drivers\lsi_fc.sys
  0x842E8000 \SystemRoot\system32\drivers\lsi_sas.sys
  0x84300000 \SystemRoot\system32\drivers\megasas.sys
  0x8430A000 \SystemRoot\system32\drivers\megasr.sys
  0x843C1000 \SystemRoot\system32\drivers\mraid35x.sys
  0x843CC000 \SystemRoot\system32\drivers\nfrd960.sys
  0x8B60B000 \SystemRoot\system32\drivers\ql2300.sys
  0x8B743000 \SystemRoot\system32\drivers\ql40xx.sys
  0x8B798000 \SystemRoot\system32\drivers\sisraid2.sys
  0x8B7A5000 \SystemRoot\system32\drivers\sisraid4.sys
  0x8B7BA000 \SystemRoot\system32\drivers\symc8xx.sys
  0x8B7C6000 \SystemRoot\system32\drivers\sym_hi.sys
  0x8B7D1000 \SystemRoot\system32\drivers\sym_u3.sys
  0x841C1000 \SystemRoot\system32\drivers\uliahci.sys
  0x8B7DC000 \SystemRoot\system32\drivers\ulsata.sys
  0x8B808000 \SystemRoot\system32\drivers\ulsata2.sys
  0x8B834000 \SystemRoot\system32\drivers\vsmraid.sys
  0x8B855000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B887000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B897000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8BA0E000 \SystemRoot\system32\drivers\ndis.sys
  0x8BB19000 \SystemRoot\system32\drivers\msrpc.sys
  0x8BB44000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8B908000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BB7F000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BC00000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8BD10000 \SystemRoot\system32\drivers\wd.sys
  0x8BD18000 \SystemRoot\system32\drivers\volsnap.sys
  0x8BD51000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BD59000 \SystemRoot\system32\drivers\sbp2port.sys
  0x8BD6E000 \SystemRoot\System32\Drivers\mup.sys
  0x8BD7D000 \SystemRoot\System32\drivers\ecache.sys
  0x8BDA4000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x8BDAD000 \SystemRoot\system32\drivers\disk.sys
  0x8BDBE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8F6D5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8F6E0000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8F6E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F6F8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8FC02000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x90559000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x9055B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F6FC000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F708000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8F713000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F751000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F760000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90A0C000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x90D95000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x90DB6000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x90DC6000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x90DD4000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x90DE8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x90DFB000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x90A00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8BB9A000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x905FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F7ED000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8BDD4000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x8F7F8000 \SystemRoot\system32\drivers\Afc.sys
  0x8BBCA000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F600000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8BDEC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8BDF5000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x90E0E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x90E3D000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90E48000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x90E5F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90E6A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90E8D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90E9C000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90EB0000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90EC5000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90ED5000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x90ED7000 \SystemRoot\system32\DRIVERS\ks.sys
  0x90F01000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x90F0F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90F19000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90F26000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90F5B000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90F6C000 \SystemRoot\system32\DRIVERS\stwrt.sys
  0x91C0B000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x91C38000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x91C5D000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x91C6B000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x91C76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x91C86000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x91C8D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x91C96000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x91C9E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91CA7000 \SystemRoot\System32\Drivers\Null.SYS
  0x91CAE000 \SystemRoot\System32\Drivers\Beep.SYS
  0x91CB5000 \SystemRoot\System32\drivers\vga.sys
  0x91CC1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x91CE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x91CEA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x91CF2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x91CFD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x91D0B000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x91D14000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x91D2A000 \SystemRoot\system32\DRIVERS\smb.sys
  0x91D3E000 \SystemRoot\system32\drivers\afd.sys
  0x91D86000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x91DB8000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91DCE000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91DDC000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x91DEF000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x91E05000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91E41000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91E4B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91E62000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x91E85000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x91E87000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x91E90000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
  0x91E97000 \SystemRoot\system32\drivers\vfs101x.sys
  0x91EA4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x91EBB000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x91EDC000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
  0x91EE5000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x91F20000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x91F2D000 \SystemRoot\System32\Drivers\bthport.sys
  0x91FAD000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x91FD6000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x91FE0000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x90FD4000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x90FE3000 \SystemRoot\system32\drivers\modem.sys
  0x8F606000 \SystemRoot\system32\drivers\btwavdt.sys
  0x93400000 \SystemRoot\system32\drivers\btwaudio.sys
  0x93480000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x93483000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x93490000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x99220000 \SystemRoot\System32\win32k.sys
  0x9355E000 \SystemRoot\System32\drivers\Dxapi.sys
  0x93568000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x99440000 \SystemRoot\System32\TSDDD.dll
  0x99460000 \SystemRoot\System32\cdd.dll
  0x93577000 \SystemRoot\system32\drivers\luafv.sys
  0x93592000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9F80E000 \SystemRoot\system32\drivers\spsys.sys
  0x9F8BE000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9F8CE000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9F8F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9F902000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9F915000 \SystemRoot\system32\drivers\HTTP.sys
  0x9F982000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9F99F000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9F9B8000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9F9CD000 \SystemRoot\system32\drivers\mrxdav.sys
  0x935A7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x935C6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8F66D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8F685000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3003000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA3069000 \SystemRoot\system32\drivers\peauth.sys
  0xA3147000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3151000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA315D000 \??\C:\Program Files\HP\QuickPlay\000.fcl
  0xA317C000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xA3185000 \??\C:\Users\HP\AppData\Local\Temp\pwnyrfog.sys
  0x77560000 \Windows\System32\ntdll.dll

Processes (total 94):
       0 System Idle Process
       4 SYSTEM
     520 C:\Windows\System32\smss.exe
     604 csrss.exe
     656 C:\Windows\System32\wininit.exe
     672 csrss.exe
     704 C:\Windows\System32\services.exe
     720 C:\Windows\System32\lsass.exe
     728 C:\Windows\System32\lsm.exe
     864 C:\Windows\System32\svchost.exe
     932 C:\Windows\System32\nvvsvc.exe
     960 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
    1220 C:\Windows\System32\audiodg.exe
    1244 C:\Windows\System32\svchost.exe
    1264 C:\Windows\System32\SLsvc.exe
    1308 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\hpservice.exe
    1420 C:\Windows\System32\winlogon.exe
    1472 C:\Windows\System32\vfsFPService.exe
    1520 C:\Windows\System32\svchost.exe
    1780 C:\Windows\System32\spoolsv.exe
    1812 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    1984 C:\Windows\System32\nvvsvc.exe
     440 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     460 C:\Windows\System32\svchost.exe
     572 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
     532 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2036 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2024 C:\Program Files\Application Updater\ApplicationUpdater.exe
     372 C:\Program Files\Bonjour\mDNSResponder.exe
    1500 C:\Windows\System32\svchost.exe
    2064 C:\Windows\System32\FsUsbExService.Exe
    2112 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2252 C:\Windows\System32\PnkBstrA.exe
    2276 C:\Windows\System32\svchost.exe
    2324 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    2336 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    2372 C:\Windows\SMINST\BLService.exe
    2380 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2416 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2448 C:\Windows\System32\svchost.exe
    2484 C:\Windows\System32\svchost.exe
    2512 C:\Windows\System32\SearchIndexer.exe
    3456 C:\Windows\System32\taskeng.exe
    3748 C:\Windows\System32\taskeng.exe
    3812 C:\Windows\System32\dwm.exe
    3828 C:\Windows\explorer.exe
    3440 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3976 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3540 C:\Program Files\HP\QuickPlay\QPService.exe
    2464 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2844 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    3136 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    4048 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    4012 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     768 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    2692 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2876 C:\Program Files\IDT\WDM\sttray.exe
    1948 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     700 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1884 C:\Program Files\iTunes\iTunesHelper.exe
    1396 C:\Program Files\Windows Sidebar\sidebar.exe
    2936 C:\Windows\ehome\ehtray.exe
    3088 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    2952 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    1400 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3692 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3704 C:\Windows\ehome\ehmsas.exe
    2920 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3252 WmiPrvSE.exe
    2880 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    3784 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    4268 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    4344 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    4916 C:\Program Files\iPod\bin\iPodService.exe
    5180 C:\Windows\System32\svchost.exe
    5504 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    5580 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1880 C:\Program Files\Internet Explorer\iexplore.exe
    5960 C:\Program Files\Internet Explorer\iexplore.exe
    6036 C:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
    4684 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    2468 C:\Windows\System32\SearchProtocolHost.exe
    3412 C:\Windows\System32\SearchFilterHost.exe
    4952 C:\Program Files\Internet Explorer\iexplore.exe
    5592 dllhost.exe
    1132 dllhost.exe
    3128 C:\Users\HP\Desktop\MBRCheck.exe
    6092 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`47e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

10.11.2010, 13:19   #10
cosinus

Virus found: JAVA/Agent.HR , JAVA/Agent.M.1, JAVA/Rowindal.C

Do you have any other operating systems installed besides Vista?

If not: have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD (e.g. with ImgBurn, using its image-burning function) and start the computer from it (boot from this CD).

If you have a regular Vista installation DVD, you do not need the image mentioned above; you can simply boot from the Vista DVD.

Click on Computer repair options, Next, Command Prompt, and the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter), then restart the computer, taking the CD out first.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
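
The repair above replaces the boot code in the first sector, and the MBRCheck logs in this thread show the effect: the partition offsets for C: and D: are identical before and after, while the MBR Status line changes from "Unknown MBR code" to known code with a different SHA1. The following Python script is an added example, not code from the original post and not MBRCheck's own implementation; it shows the checks such a tool performs on a 512-byte MBR (boot signature present, partition table readable, boot-code hash on an allow-list). It assumes the hash covers the 440-byte boot-code area; MBRCheck's exact method is not documented on this page, so its SHA1 values are not reproduced. The partition layout is constructed to match the C: and D: byte offsets quoted in the log; the boot-code bytes and the allow-list are constructed placeholders.

```python
# Added example for this thread (not MBRCheck's code and not from the original post).
# Parses a 512-byte MBR the way a defender sanity-checks one: boot signature present,
# partition table readable, boot-code hash on an allow-list of known code.
# Assumption: the hash covers the 440-byte boot-code area; MBRCheck's exact method
# is not documented on this page, so its SHA1 values are not reproduced here.
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# 16-byte entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
PART_ENTRY = struct.Struct("<B3xB3xII")


def make_sector(boot_code, partitions):
    """Build a constructed MBR sector from boot code and (bootable, type, lba_start, count) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, lba_start, count) in enumerate(partitions):
        PART_ENTRY.pack_into(sector, PART_TABLE_OFF + 16 * i,
                             0x80 if bootable else 0x00, ptype, lba_start, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def boot_code_sha1(sector):
    """SHA1 over the boot-code area only (assumption, see above)."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector):
    """Return the non-empty partition entries with their byte offsets on disk."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0x00:           # empty slot
            continue
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "byte_offset": lba_start * SECTOR_SIZE,
                        "sectors": count})
    return entries


def classify_mbr(sector, known_hashes):
    """Mirror the MBR Status column: known code, unknown code, or not an MBR at all."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        return "Invalid MBR (0x55AA signature missing)"
    name = known_hashes.get(boot_code_sha1(sector))
    return f"{name} MBR code detected" if name else "Unknown MBR code"


# Constructed layout matching the offsets quoted in the thread:
# C: at byte 0x7e00 (LBA 63) and D: at byte 0x4847e00000 (LBA 0x2423F000), both NTFS (0x07).
# The D: size (about 9 GB, a recovery partition) is a constructed value.
LAYOUT = [(True, 0x07, 63, 0x2423F000 - 63),
          (False, 0x07, 0x2423F000, 18807472)]
VENDOR_CODE = b"CONSTRUCTED STAND-IN FOR VENDOR BOOT CODE"    # not real boot code
GOOD_SECTOR = make_sector(VENDOR_CODE, LAYOUT)
# A real allow-list is seeded from hashes of vetted boot code; here it is seeded
# from the constructed sample so the example runs offline.
KNOWN_MBR_HASHES = {boot_code_sha1(GOOD_SECTOR): "Constructed vendor"}
# Same partition table, different boot code: the pattern in the two logs above,
# where the volume offsets are identical but the SHA1 differs.
TAMPERED_SECTOR = make_sector(b"CONSTRUCTED STAND-IN FOR FOREIGN BOOT CODE", LAYOUT)


def report(sector, known_hashes=KNOWN_MBR_HASHES):
    """Two-line summary in the style of the MBRCheck output quoted in this thread."""
    return f"{classify_mbr(sector, known_hashes)}\nSHA1: {boot_code_sha1(sector)}"


if __name__ == "__main__":
    for label, sector in (("before", TAMPERED_SECTOR), ("after", GOOD_SECTOR)):
        print(label, report(sector), parse_partitions(sector), sep="\n")
```

The point of keeping the partition table fixed in both constructed sectors is that an intact partition table is not evidence of a clean MBR: the volumes mount and the drive letters look normal while the first 440 bytes run something else, which is why the status is decided by hashing the boot code rather than by checking whether the disk still "works".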

10.11.2010, 14:23   #11
Piet27

Hello Cosinus,

no, I only have Vista installed. The D partition holds a recovery version from HP (it was already there when I bought it).
I don't have a Vista installation DVD either, since it is a complete notebook with Vista preinstalled.

Should I still create a recovery CD as recommended in your first link, or can we start the Computer repair options from the recovery partition as well? I haven't done anything like that before, though (working with recovery partitions).

Best regards
Piet

10.11.2010, 15:49   #12
cosinus

Then do it via the linked emergency CD, where you can download the image.

10.11.2010, 22:47   #13
Piet27

OK Cosinus,

I booted from the CD, opened the Computer repair options and entered both commands in the command prompt. Both actions completed without errors.

What is the next step?


Best regards
Piet

10.11.2010, 23:10   #14
cosinus

Now I need a new log from mbrcheck.

10.11.2010, 23:17   #15
Piet27

Here is the new MBRCheck:

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Quanta
BIOS Manufacturer:		Hewlett-Packard
System Manufacturer:		Hewlett-Packard
System Product Name:		HP Pavilion dv5 Notebook PC
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 213):
  0x82819000 \SystemRoot\system32\ntkrnlpa.exe
  0x82BD2000 \SystemRoot\system32\hal.dll
  0x8040F000 \SystemRoot\system32\kdcom.dll
  0x80416000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80486000 \SystemRoot\system32\PSHED.dll
  0x80497000 \SystemRoot\system32\BOOTVID.dll
  0x8049F000 \SystemRoot\system32\CLFS.SYS
  0x804E0000 \SystemRoot\system32\CI.dll
  0x8060C000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80688000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80695000 \SystemRoot\system32\drivers\acpi.sys
  0x806DB000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E4000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EC000 \SystemRoot\system32\drivers\pci.sys
  0x80713000 \SystemRoot\system32\drivers\isapnp.sys
  0x80722000 \SystemRoot\system32\drivers\mpio.sys
  0x8073E000 \SystemRoot\System32\drivers\partmgr.sys
  0x8074D000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80750000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8075A000 \SystemRoot\system32\drivers\volmgr.sys
  0x80769000 \SystemRoot\System32\drivers\volmgrx.sys
  0x807B3000 \SystemRoot\system32\drivers\intelide.sys
  0x807BA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x807C8000 \SystemRoot\system32\drivers\pciide.sys
  0x807CF000 \SystemRoot\system32\drivers\aliide.sys
  0x807D6000 \SystemRoot\system32\drivers\amdide.sys
  0x807DD000 \SystemRoot\system32\drivers\cmdide.sys
  0x807E5000 \SystemRoot\System32\drivers\mountmgr.sys
  0x805C0000 \SystemRoot\system32\drivers\msdsm.sys
  0x805DA000 \SystemRoot\system32\drivers\nvraid.sys
  0x82E0D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x82E2E000 \SystemRoot\system32\drivers\viaide.sys
  0x82E36000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x82F04000 \SystemRoot\system32\drivers\iastorv.sys
  0x82FA5000 \SystemRoot\system32\drivers\atapi.sys
  0x82FAD000 \SystemRoot\system32\drivers\ataport.SYS
  0x82FCB000 \SystemRoot\system32\drivers\lsi_scsi.sys
  0x84005000 \SystemRoot\system32\drivers\storport.sys
  0x84046000 \SystemRoot\system32\drivers\nvstor.sys
  0x84053000 \SystemRoot\system32\drivers\msahci.sys
  0x8405D000 \SystemRoot\system32\drivers\hpcisss.sys
  0x84068000 \SystemRoot\system32\drivers\adp94xx.sys
  0x840D2000 \SystemRoot\system32\drivers\adpahci.sys
  0x8411E000 \SystemRoot\system32\drivers\adpu160m.sys
  0x84139000 \SystemRoot\system32\drivers\SCSIPORT.SYS
  0x8415F000 \SystemRoot\system32\drivers\adpu320.sys
  0x84185000 \SystemRoot\system32\drivers\djsvs.sys
  0x84199000 \SystemRoot\system32\drivers\arc.sys
  0x841AF000 \SystemRoot\system32\drivers\arcsas.sys
  0x84206000 \SystemRoot\system32\drivers\elxstor.sys
  0x8429A000 \SystemRoot\system32\drivers\i2omp.sys
  0x842A4000 \SystemRoot\system32\drivers\iirsp.sys
  0x842B4000 \SystemRoot\system32\drivers\iteatapi.sys
  0x842C0000 \SystemRoot\system32\drivers\iteraid.sys
  0x842CC000 \SystemRoot\system32\drivers\lsi_fc.sys
  0x842E6000 \SystemRoot\system32\drivers\lsi_sas.sys
  0x842FE000 \SystemRoot\system32\drivers\megasas.sys
  0x84308000 \SystemRoot\system32\drivers\megasr.sys
  0x843BF000 \SystemRoot\system32\drivers\mraid35x.sys
  0x843CA000 \SystemRoot\system32\drivers\nfrd960.sys
  0x8B60C000 \SystemRoot\system32\drivers\ql2300.sys
  0x8B744000 \SystemRoot\system32\drivers\ql40xx.sys
  0x8B799000 \SystemRoot\system32\drivers\sisraid2.sys
  0x8B7A6000 \SystemRoot\system32\drivers\sisraid4.sys
  0x8B7BB000 \SystemRoot\system32\drivers\symc8xx.sys
  0x8B7C7000 \SystemRoot\system32\drivers\sym_hi.sys
  0x8B7D2000 \SystemRoot\system32\drivers\sym_u3.sys
  0x8B806000 \SystemRoot\system32\drivers\uliahci.sys
  0x8B842000 \SystemRoot\system32\drivers\ulsata.sys
  0x8B863000 \SystemRoot\system32\drivers\ulsata2.sys
  0x8B88F000 \SystemRoot\system32\drivers\vsmraid.sys
  0x8B8B0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8B8E2000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8B8F2000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8BA09000 \SystemRoot\system32\drivers\ndis.sys
  0x8BB14000 \SystemRoot\system32\drivers\msrpc.sys
  0x8BB3F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8BC06000 \SystemRoot\System32\drivers\tcpip.sys
  0x8BCF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8BE08000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8BF18000 \SystemRoot\system32\drivers\wd.sys
  0x8BF20000 \SystemRoot\system32\drivers\volsnap.sys
  0x8BF59000 \SystemRoot\System32\Drivers\spldr.sys
  0x8BF61000 \SystemRoot\system32\drivers\sbp2port.sys
  0x8BF76000 \SystemRoot\System32\Drivers\mup.sys
  0x8BF85000 \SystemRoot\System32\drivers\ecache.sys
  0x8BFAC000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x8BFB5000 \SystemRoot\system32\drivers\disk.sys
  0x8BFC6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8BFDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8BFE7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8BFF0000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8BE00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8F40B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8FD62000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8FE0E000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FEAF000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FEBB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8FEC6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8FF04000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8FF13000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90009000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x90392000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x903B3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x903C3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x903D1000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x903E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x903F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x8FFA0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8FFAB000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x903FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8FFDB000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8FFE6000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x90000000 \SystemRoot\system32\drivers\Afc.sys
  0x8FD64000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8FE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8FD7C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8FD85000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x8FD90000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8FDBF000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8FDCA000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8FDE1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BDD9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8FDEC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BB7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BB8E000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8BBA3000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8FE06000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BBB3000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8BBDD000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F400000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BBEB000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8B963000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8B998000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90C01000 \SystemRoot\system32\DRIVERS\stwrt.sys
  0x90C69000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x90C96000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x90CBB000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x90CC9000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x90CD4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x90CE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90CEB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90CF4000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x90CFC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x90D05000 \SystemRoot\System32\Drivers\Null.SYS
  0x90D0C000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90D13000 \SystemRoot\System32\drivers\vga.sys
  0x90D1F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x90D40000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90D48000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90D50000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90D5B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90D69000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90D72000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90D88000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90D9C000 \SystemRoot\system32\drivers\afd.sys
  0x8B9A9000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90DE4000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8B9DB000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B9E9000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x90DFA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x91006000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91042000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9104C000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91063000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x91086000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x9108F000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x91091000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
  0x91098000 \SystemRoot\system32\drivers\vfs101x.sys
  0x910A5000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x910B2000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x91180000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x91197000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x911B8000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
  0x911C1000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x8BD0B000 \SystemRoot\System32\Drivers\bthport.sys
  0x911CE000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x8BFCF000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x8BD8B000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x8BDA5000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x8BDB4000 \SystemRoot\system32\drivers\modem.sys
  0x92E05000 \SystemRoot\system32\drivers\btwavdt.sys
  0x92E6C000 \SystemRoot\system32\drivers\btwaudio.sys
  0x92EEC000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x93000000 \SystemRoot\System32\win32k.sys
  0x92EEF000 \SystemRoot\System32\drivers\Dxapi.sys
  0x92EF9000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x93220000 \SystemRoot\System32\TSDDD.dll
  0x93240000 \SystemRoot\System32\cdd.dll
  0x92F08000 \SystemRoot\system32\drivers\luafv.sys
  0x92F23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x92F38000 \SystemRoot\system32\drivers\spsys.sys
  0x92FE8000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x841C5000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8BDC1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8B7DD000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA0008000 \SystemRoot\system32\drivers\HTTP.sys
  0xA0075000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA0092000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA00AB000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA00C0000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA00E1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA0100000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0139000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA0151000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA0179000 \SystemRoot\System32\DRIVERS\srv.sys
  0xABA0C000 \SystemRoot\system32\drivers\peauth.sys
  0xABAEA000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xABAF4000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xABB00000 \??\C:\Program Files\HP\QuickPlay\000.fcl
  0xABB1F000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0xABB28000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77980000 \Windows\System32\ntdll.dll

Processes (total 97):
       0 System Idle Process
       4 SYSTEM
     436 C:\Windows\System32\smss.exe
     520 csrss.exe
     572 C:\Windows\System32\wininit.exe
     584 csrss.exe
     616 C:\Windows\System32\services.exe
     628 C:\Windows\System32\lsass.exe
     636 C:\Windows\System32\lsm.exe
     800 C:\Windows\System32\svchost.exe
     864 C:\Windows\System32\nvvsvc.exe
     892 C:\Windows\System32\svchost.exe
     948 C:\Windows\System32\svchost.exe
     980 C:\Windows\System32\svchost.exe
    1016 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
    1144 C:\Windows\System32\audiodg.exe
    1168 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\SLsvc.exe
    1212 C:\Windows\System32\svchost.exe
    1304 C:\Windows\System32\hpservice.exe
    1340 C:\Windows\System32\winlogon.exe
    1404 C:\Windows\System32\vfsFPService.exe
    1484 C:\Windows\System32\svchost.exe
    1672 C:\Windows\System32\spoolsv.exe
    1700 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    1904 C:\Windows\System32\nvvsvc.exe
     124 C:\Program Files\Avira\AntiVir Desktop\sched.exe
     292 C:\Windows\System32\svchost.exe
    2004 C:\Windows\System32\dwm.exe
    1200 C:\Windows\explorer.exe
    1960 C:\Windows\System32\taskeng.exe
    2096 C:\Windows\System32\taskeng.exe
    2156 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2164 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2188 C:\Program Files\HP\QuickPlay\QPService.exe
    2220 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    2260 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    2464 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    2492 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    2536 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2544 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    2552 C:\Program Files\IDT\WDM\sttray.exe
    2656 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2664 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2688 C:\Program Files\iTunes\iTunesHelper.exe
    2696 C:\Program Files\Windows Sidebar\sidebar.exe
    2712 C:\Windows\ehome\ehtray.exe
    2720 C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    2736 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2744 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    2756 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2784 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
    2800 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2876 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    2944 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2964 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    2980 C:\Program Files\Application Updater\ApplicationUpdater.exe
    3012 C:\Program Files\Bonjour\mDNSResponder.exe
    3032 C:\Windows\System32\svchost.exe
    3076 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    3084 C:\Windows\System32\FsUsbExService.Exe
    3216 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3264 C:\Windows\System32\PnkBstrA.exe
    3320 C:\Windows\System32\svchost.exe
    3352 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    3384 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    3396 C:\Windows\SMINST\BLService.exe
    3424 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    3504 C:\Windows\System32\svchost.exe
    3556 C:\Windows\System32\svchost.exe
    3640 C:\Windows\System32\SearchIndexer.exe
    2836 C:\Windows\ehome\ehmsas.exe
    3044 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    3528 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    1920 C:\Program Files\Internet Explorer\iexplore.exe
    2172 C:\Program Files\Internet Explorer\iexplore.exe
    3524 C:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
    4316 C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    4764 C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    4832 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4860 WmiPrvSE.exe
    5152 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    5244 C:\Program Files\iPod\bin\iPodService.exe
    5360 C:\Windows\System32\svchost.exe
    5484 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    5548 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    5828 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    4132 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    1152 C:\Program Files\Internet Explorer\iexplore.exe
    4844 C:\Windows\System32\SearchProtocolHost.exe
    5788 C:\Windows\System32\SearchFilterHost.exe
    5884 dllhost.exe
    5440 dllhost.exe
    2196 C:\Users\HP\Desktop\MBRCheck.exe
     228 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000048`47e00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-60ZCT0, Rev: 12.01A12

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
