Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Firefox meldet anstelle meiner IP eine aus Moskau

Firefox meldet anstelle meiner IP eine aus Moskau


Plagegeister aller Art und deren Bekämpfung: Firefox meldet anstelle meiner IP eine aus Moskau

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2012, 02:44   #1
siggi30
 
Firefox meldet anstelle meiner IP eine aus Moskau - Icon21

Firefox meldet anstelle meiner IP eine aus Moskau


Compaq 4715s 3GB + 1GB RamDisk, Vista Home 6.0.6002 SP2 aut. Updates
Fritz.Box 7112 neueste Aktuell installierte Firmware-Version: 87.04.87
verbunden seit 26.05.2012, 03:15 Uhr, 1&1 Internet, IP-Adresse:
89.12.38.21
Opera wieistmeineip: Ihre IP-Adresse ist :
89.12.38.21
Firefox wieistmeineip: 46.31.26.12
utrace: IP-Adresse: 46.31.26.12
Provider: ZAO Kapstroytelecom
Organisation: ZAO Kapstroy Telecom
Goggle Search meldet automatischen traffic, verlangt captchas.
--------
Vollscan Antivir C:E:G:H: 0 gefunden
[D:System Tools, E:recovery, G:H: private Daten (Texte, Audio, Filme usw.)]
Malwarebytes C: 0 gefunden
HiJackThis204 C:Z: fand Hinweise auf 7 Großbuchtaben-Files.exe auf Z:
gefixt, Systemneustart, HiJackThis204 findet nichts mehr.
Aber Firefox-IP weiterhin aus Moskau s.o.

Vor 10 Minuten plötzlich BLUESCREEN ---- hatte ich noch nie
system problem found, windows shut down.
Automatischer Neustart, schicke dies jetzt ab.

Firefox fritz.box:
ERROR
The requested URL could not be retrieved

The following error was encountered while trying to retrieve the URL: hxxp://fritz.box/
Unable to determine IP address from host name "fritz.box"
The DNS server returned:
Name Error: The domain name does not exist.
This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
Your cache administrator is webmaster.
Generated Sat, 26 May 2012 01:37:56 GMT by debian (squid/2.7.STABLE9)
Jetzt ist es aber genau 26.5. 3:40

Opera, IE: finden beide fritz.box.

Bitte um Hilfe.

x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP [::]:135 [::]:0 ABHÖREN 828
RpcSs
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP 192.168.178.21:138 *:* 4
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP 192.168.178.21:1900 *:* 1172
SSDPSRV
[svchost.exe]
Geändert von siggi30 (26.05.2012 um 02:54 Uhr) Grund: netstat bringt êvtl. interesante Info

Alt 26.05.2012, 20:24   #2
kira
/// Helfer-Team
 
Firefox meldet anstelle meiner IP eine aus Moskau - Standard

Firefox meldet anstelle meiner IP eine aus Moskau


Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

3.
Lade dir von hier -> TrendMicro™ HijackThis™/Version 2.0.4 herunter
Zitat:
Keine offenen Fenster, solang bis HijackThis läuft!!-> HijackThis starten-> "Do a system scan and save a logfile" klicken (kurz warten) -> das erhaltene Logfile "markieren" -> "kopieren"-> hier in deinem Thread (rechte Maustaste) "einfügen" (musst du im Forum eingeloggt sein!)
Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________
Alt 27.05.2012, 04:15   #3
siggi30
 
Firefox meldet anstelle meiner IP eine aus Moskau - Standard

Firefox meldet anstelle meiner IP eine aus Moskau


Hallo Kira,
Dank für Deine schnelle Hilfe.
Ich habe seit dem BLUESCREEN statt firefox nur noch opera benutzt.
1. Run OTL:
OTL.TXT
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.05.2012 03:31:29 - Run 4
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 41,59% Memory free
3,68 Gb Paging File | 2,07 Gb Available in Paging File | 56,30% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 9,83 Gb Free Space | 25,14% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 122,99 Mb Free Space | 12,02% Space Free | Partition Type: FAT32

Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\s\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
PRC - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\users\s\PROGS\VS\win\VS.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
MOD - C:\WINDOWS\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\users\s\PROGS\VS\win\VS.EXE ()
MOD - C:\users\s\PROGS\VS\win\VCHACK.DLL ()
MOD - C:\users\s\PROGS\VS\win\VSAPI.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found
SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found
SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found
SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found
SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found
SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found
SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AfaService) -- C:\WINDOWS\System32\afasrv32.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Paragon System Backup Dienst) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe ()
SRV - (bepldr6PixelPlanetService) -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a9ry7opk) --  File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys ()
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MHIKEY10) -- C:\WINDOWS\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (hotcore3) -- C:\WINDOWS\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (CdaC15BA) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS ()
DRV - (VBoxNetAdp) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (RRamdisk) -- C:\WINDOWS\System32\drivers\rramdisk.sys (gavotte)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMWDFILTER) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (Ramdisk) -- C:\WINDOWS\System32\drivers\ramdisk.sys (Microsoft Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SSPORT) -- C:\WINDOWS\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\WINDOWS\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 17:50:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.14 01:59:32 | 000,000,000 | ---D | M]

[2010.07.22 14:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2011.11.08 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions
[2010.11.10 15:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 03:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions
[2010.08.09 14:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.24 14:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.14 03:16:42 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:38:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe ()
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 01:35:39 | 000,000,000 | ---D | C] -- C:\vslick
[2012.05.20 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Runscanner.net
[2012.05.15 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.15 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.15 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2012.05.15 16:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.05.15 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Secunia PSI (BETA)
[2012.05.14 03:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.05.14 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Seven Zip
[2012.05.13 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ZZattoo4
[2012.05.09 11:00:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 11:00:14 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 11:00:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 11:00:14 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 11:00:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 11:00:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 11:00:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 11:00:12 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.27 03:33:54 | 000,658,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.27 03:33:54 | 000,614,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.27 03:33:54 | 000,151,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.27 03:33:54 | 000,116,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.27 03:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 23:50:40 | 000,001,015 | ---- | M] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 17:50:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.15 16:35:06 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.05.15 15:37:52 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\ClipMagic.lnk
[2012.05.14 12:57:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.14 12:57:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.14 12:01:50 | 000,439,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.14 03:16:43 | 000,000,848 | ---- | M] () -- C:\Users\a\Desktop\Orbit.lnk
[2012.05.08 14:31:09 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.15 23:50:40 | 000,001,015 | ---- | C] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 16:33:01 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012.05.15 16:32:11 | 000,000,686 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.20 01:07:27 | 000,003,474 | ---- | C] () -- C:\Windows\System32\NANSI.SYS
[2012.03.11 22:13:38 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL
[2012.03.11 22:13:38 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE
[2012.02.24 23:23:17 | 000,017,408 | ---- | C] () -- C:\Users\a\AppData\Local\WebpageIcons.db
[2011.09.25 21:35:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2011.09.19 22:51:16 | 000,821,182 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.19 22:51:16 | 000,251,575 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.28 14:18:31 | 000,006,808 | ---- | C] () -- C:\Windows\System32\HWACCESS.SYS
[2011.04.27 16:14:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.23 04:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.19 17:56:19 | 000,004,608 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.25 17:15:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.14 02:24:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.04 07:29:11 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2010.09.29 15:03:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.09.23 11:12:36 | 000,029,752 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2010.09.18 01:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.08.07 00:38:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.16 11:09:05 | 000,000,089 | ---- | C] () -- C:\Users\a\AppData\Local\fusioncache.dat
[2010.07.09 15:49:14 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.07.02 14:29:29 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2010.07.02 03:23:33 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2010.07.02 03:23:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2010.06.21 03:06:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.20 18:06:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 18:06:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.09 17:45:19 | 000,010,414 | ---- | C] () -- C:\Windows\recORDER.DLL

< End of report >
--- --- ---


Extras.Txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.05.2012 03:31:29 - Run 4
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 41,59% Memory free
3,68 Gb Paging File | 2,07 Gb Available in Paging File | 56,30% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 9,83 Gb Free Space | 25,14% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 122,99 Mb Free Space | 12,02% Space Free | Partition Type: FAT32

Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\s\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
PRC - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\users\s\PROGS\VS\win\VS.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
MOD - C:\WINDOWS\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\users\s\PROGS\VS\win\VS.EXE ()
MOD - C:\users\s\PROGS\VS\win\VCHACK.DLL ()
MOD - C:\users\s\PROGS\VS\win\VSAPI.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found
SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found
SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found
SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found
SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found
SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found
SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AfaService) -- C:\WINDOWS\System32\afasrv32.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Paragon System Backup Dienst) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe ()
SRV - (bepldr6PixelPlanetService) -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a9ry7opk) --  File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys ()
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MHIKEY10) -- C:\WINDOWS\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (hotcore3) -- C:\WINDOWS\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (CdaC15BA) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS ()
DRV - (VBoxNetAdp) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (RRamdisk) -- C:\WINDOWS\System32\drivers\rramdisk.sys (gavotte)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMWDFILTER) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (Ramdisk) -- C:\WINDOWS\System32\drivers\ramdisk.sys (Microsoft Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SSPORT) -- C:\WINDOWS\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\WINDOWS\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 17:50:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.14 01:59:32 | 000,000,000 | ---D | M]

[2010.07.22 14:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2011.11.08 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions
[2010.11.10 15:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 03:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions
[2010.08.09 14:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.24 14:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.14 03:16:42 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:38:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe ()
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 01:35:39 | 000,000,000 | ---D | C] -- C:\vslick
[2012.05.20 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Runscanner.net
[2012.05.15 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.15 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.15 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2012.05.15 16:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.05.15 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Secunia PSI (BETA)
[2012.05.14 03:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.05.14 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Seven Zip
[2012.05.13 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ZZattoo4
[2012.05.09 11:00:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 11:00:14 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 11:00:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 11:00:14 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 11:00:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 11:00:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 11:00:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 11:00:12 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.27 03:33:54 | 000,658,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.27 03:33:54 | 000,614,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.27 03:33:54 | 000,151,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.27 03:33:54 | 000,116,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.27 03:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 23:50:40 | 000,001,015 | ---- | M] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 17:50:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.15 16:35:06 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.05.15 15:37:52 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\ClipMagic.lnk
[2012.05.14 12:57:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.14 12:57:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.14 12:01:50 | 000,439,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.14 03:16:43 | 000,000,848 | ---- | M] () -- C:\Users\a\Desktop\Orbit.lnk
[2012.05.08 14:31:09 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.15 23:50:40 | 000,001,015 | ---- | C] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 16:33:01 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012.05.15 16:32:11 | 000,000,686 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.20 01:07:27 | 000,003,474 | ---- | C] () -- C:\Windows\System32\NANSI.SYS
[2012.03.11 22:13:38 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL
[2012.03.11 22:13:38 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE
[2012.02.24 23:23:17 | 000,017,408 | ---- | C] () -- C:\Users\a\AppData\Local\WebpageIcons.db
[2011.09.25 21:35:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2011.09.19 22:51:16 | 000,821,182 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.19 22:51:16 | 000,251,575 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.28 14:18:31 | 000,006,808 | ---- | C] () -- C:\Windows\System32\HWACCESS.SYS
[2011.04.27 16:14:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.23 04:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.19 17:56:19 | 000,004,608 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.25 17:15:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.14 02:24:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.04 07:29:11 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2010.09.29 15:03:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.09.23 11:12:36 | 000,029,752 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2010.09.18 01:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.08.07 00:38:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.16 11:09:05 | 000,000,089 | ---- | C] () -- C:\Users\a\AppData\Local\fusioncache.dat
[2010.07.09 15:49:14 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.07.02 14:29:29 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2010.07.02 03:23:33 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2010.07.02 03:23:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2010.06.21 03:06:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.20 18:06:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 18:06:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.09 17:45:19 | 000,010,414 | ---- | C] () -- C:\Windows\recORDER.DLL

< End of report >
--- --- ---


2. Run ccleaner
Code:
ATTFilter
7sDoc-lite 1.3.0	SVA-software	14.03.2012	4,43 MB	
ABBYY FineReader 5.0 Pro	ABBYY Software House	01.07.2010	151,1 MB	5.0
ABBYY FineReader 5.0 Sprint	ABBYY Software House	01.07.2010	294 MB	5.0.0.3347
ABBYY FineReader OCR Engine für Tevion		01.07.2010	272 MB	
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	07.05.2012		11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.05.2012		11.2.202.235
Agere Systems HDA Modem	LSI Corporation	14.03.2009	16,00 KB	
Application Installer 4.00.B14	Hewlett-Packard Company	02.03.2009	0,89 MB	4.00.B14
ASIO4ALL	Michael Tippach	06.09.2010	0,52 MB	2.10
ATI Catalyst Install Manager	ATI Technologies, Inc.	26.04.2011	13,8 MB	3.0.715.0
ATI Uninstaller	ATI Technologies, Inc.	02.03.2009	13,9 MB	
Avanquest update	Avanquest Software	04.02.2012	2,79 MB	1.30
Avira Free Antivirus	Avira	07.05.2012	99,6 MB	12.0.0.1125
AVM FRITZ!DSL	AVM Berlin	12.07.2010	11,2 MB	2.04.03
BatteryCare 0.9.8.10	Filipe Lourenço	13.06.2011	3,10 MB	0.9.8.10
Browser Mouse		22.06.2010	2,01 MB	
Business Contact Manager für Outlook 2007 SP2	Microsoft Corporation	01.06.2010	31,4 MB	3.0.8619.1
Cda Product Service - shared component		10.03.2012		
CHIPDRIVE Smartcard Commander	SCM Microsystems	13.10.2010	21,6 MB	
Chipkartenleser		17.09.2010	2,97 MB	
ClipMagic 3.2.3	MJT Net Ltd	02.09.2011	1,39 MB	4.1
DAEMON Tools Lite	DT Soft Ltd	15.10.2011	24,2 MB	4.41.3.0173
dradio-Recorder Version 3.02.5		03.04.2012	34,7 MB	
DSL-Turbo	FRANZIS Verlag	07.10.2011	3,36 MB	
ESU for Microsoft Vista	Hewlett-Packard	29.06.2007	3,78 MB	1.0.10.1
EVEREST Home Edition v2.20	Lavalys Inc	28.03.2012	6,58 MB	2.20
Feedback Tool	Microsoft Corporation	19.06.2011	2,28 MB	1.2.0
Flash Memory Toolkit trial 2.01	EFD Software	11.10.2011	3,30 MB	
fortePivot	LG Soft India	11.08.2010	2,16 MB	3.04
Foxit Creator	Foxit Corporation	16.02.2011		3,1,0,1210
Foxit Reader	Foxit Corporation	12.07.2011	11,6 MB	4.3.1.323
Free Studio version 5.0.9	DVDVideoSoft Limited.	29.04.2011	173,0 MB	
Gadwin PrintScreen	Gadwin Systems, Inc.	17.05.2011	3,50 MB	4.6
Google Earth Plug-in	Google	16.11.2011	40,9 MB	6.1.0.5001
GPL Ghostscript	Artifex Software Inc.	11.06.2011	31,1 MB	9.02
GSview 4.9		11.06.2011	3,23 MB	
HD Tune 2.55	EFD Software	04.11.2010	1,27 MB	
HP BIOS Configuration for ProtectTools	Hewlett-Packard	29.06.2007	2,56 MB	3.00 C1
HP Customer Experience Enhancements	Hewlett-Packard	29.06.2007		5.0.0.2258
HP Easy Setup - Core	Hewlett-Packard	29.06.2007	1,02 MB	5.0.0.2258
HP Easy Setup - Frontend	Hewlett-Packard	29.06.2007	1,44 MB	5.0.0.2258
HP Help and Support	Hewlett-Packard	29.06.2007	20,9 MB	1.0.0
HP Help and Support	HPQ	22.09.2010	0,35 MB	4.4.0002
HP Notebook Accessories Product Tour	Hewlett-Packard	29.06.2007	10,1 MB	13.0.0
HP ProtectTools Security Manager	Hewlett-Packard	29.06.2007	7,10 MB	3.00 A10
HP Quick Launch Buttons	Hewlett-Packard Company	03.11.2011	32,9 MB	6.50.14.1
HP SoftPaq Download Manager	Hewlett-Packard Company	30.06.2010	14,7 MB	3.0.5.0
HP Update	Hewlett-Packard	30.06.2010	2,97 MB	5.002.006.003
HP Wireless Assistant	Hewlett-Packard	29.06.2007	3,94 MB	3.00 F1
iMacros Version 7.5.1.1734	iOpus	04.11.2011	16,3 MB	7.5.1.1734
InterVideo DVD Check		02.03.2009	0,18 MB	
InterVideo WinDVD	InterVideo Inc.	02.03.2009	46,1 MB	5.0-B11.1164
Java(TM) 6 Update 26	Oracle	12.07.2011	97,1 MB	6.0.260
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	29.06.2007	115,2 MB	1.6.0.0
Join Air	ZTE Corporation	23.12.2010	22,6 MB	1.0.0.2
LightScribe System Software  1.10.16.1	hxxp://www.lightscribe.com	29.07.2010	19,2 MB	1.10.16.1
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	27.11.2011	3,90 MB	1.51.2.1300
Microsoft .NET Framework 1.1		14.03.2009		
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	29.06.2007	3,02 MB	1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	01.06.2010	37,0 MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	14.03.2009	37,0 MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3 MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5 MB	4.0.30319
Microsoft SQL Server 2005	Microsoft Corporation	03.06.2010	221 MB	
Microsoft SQL Server Native Client	Microsoft Corporation	30.05.2011	2,63 MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	30.05.2011	0,68 MB	9.00.5000.00
Microsoft Tool Web Package:Diruse.exe	Microsoft Corporation	31.08.2010	48,00 KB	1.0.0.1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	01.06.2010	0,25 MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29 MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	07.06.2011	0,58 MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.05.2011	1,41 MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	12.07.2010	0,23 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	31.05.2010	0,58 MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58 MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	23.10.2011	11,1 MB	10.0.40219
Microsoft Windows Performance Toolkit	Microsoft Corporation	06.09.2010	19,7 MB	4.6.0
Mozilla Firefox 12.0 (x86 de)	Mozilla	14.05.2012	69,7 MB	12.0
Mozilla Maintenance Service	Mozilla	14.05.2012	0,21 MB	12.0
MSCU for Microsoft Vista	Hewlett-Packard	29.06.2007	72,9 MB	1.0.1.3
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.03.2009	1,28 MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	01.06.2010	1,34 MB	4.20.9876.0
Multimedia keyboard utility		22.06.2010	1,91 MB	
MyDefrag v4.3.1	J.C. Kessels	23.06.2010	3,34 MB	4.0.0.0
Nero 8 Essentials	Nero AG	29.07.2010	1.632 MB	8.10.135
Nitro PDF Reader 2	Nitro PDF Software	13.09.2011	84,6 MB	2.0.0.29
Opera 10.51	Opera Software ASA	14.05.2012	28,2 MB	10.51
Orbit Downloader	www.orbitdownloader.com	13.05.2012	12,8 MB	
Paragon Partition Manager™ 11 Free Edition	Paragon Software	26.06.2010	45,1 MB	90.00.0003
Paragon System Backup 2010 Kompakt	Paragon Software	02.12.2010	111,0 MB	90.00.0003
PDF Complete		02.03.2009	24,8 MB	
PdfGrabber 6.0	PixelPlanet	28.09.2010	66,5 MB	6.0.0.0
PL-2303 USB-to-Serial		17.09.2010	1,02 MB	
Riot - Radical Image Optimization Tool		10.10.2011	1,25 MB	
Roxio Creator Audio	Roxio	29.06.2007	1,09 MB	3.3.0
Roxio Creator Basic v9	Roxio	29.06.2007	20,6 MB	3.3.0
Roxio Creator Copy	Roxio	29.06.2007	0,63 MB	3.3.0
Roxio Creator Data	Roxio	29.06.2007	0,96 MB	3.3.0
Roxio Creator Tools	Roxio	29.06.2007	0,34 MB	3.3.0
Roxio Express Labeler 3	Roxio	29.06.2007	16,3 MB	2.1.0
Roxio MyDVD Basic v9	Roxio	29.06.2007	297 MB	9.0.116
Sandboxie 3.54 (32-bit)		17.05.2011	3,14 MB	
ScanWizard 5		01.07.2010	3,45 MB	
SCR3xxx Smart Card Reader	SCM Microsystems	13.10.2010	3,06 MB	8.30
Security Task Manager 1.8d	Neuber Software	03.11.2011	2,75 MB	1.8d
SlickEdit 11.0.0		04.07.2010	120,5 MB	
soft Xpansion Perfect PDF 7 Reader	soft Xpansion	29.04.2011	22,7 MB	7.0.9.6
SoundMAX	Analog Devices	29.06.2007	56,00 KB	6.10.1.5180
Spybot - Search & Destroy	Safer Networking Limited	14.05.2012	52,5 MB	1.6.2
SSH Secure Shell		20.06.2010	0,84 MB	
ST Wiederherstellungs- & Sicherungsprogramme	Hewlett-Packard Company 	29.06.2007	18.775 MB	4.0.14
Streamripper (Remove only)		01.03.2011	6,30 MB	
StreamTransport version: 1.0.2.2171		23.04.2012	5,36 MB	
SumatraPDF	Krzysztof Kowalczyk	14.05.2012	8,52 MB	1.6
Synaptics Pointing Device Driver	Synaptics Incorporated	03.11.2011	32,8 MB	15.0.24.0
Uninstall 1.0.0.1		29.04.2011	62,8 MB	
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	30.05.2011	30,6 MB	9.00.5000.00
USIM Editor 1.0.25.0		24.09.2011	17,3 MB	
Vista Default Settings	Hewlett-Packard	29.06.2007	0,27 MB	1.0.5.1
VLC media player 2.0.1	VideoLAN	03.04.2012	75,9 MB	2.0.1
Winamp	Nullsoft, Inc	01.03.2011	39,4 MB	5.601
Winamp Erkennungs-Plug-in	Nullsoft, Inc	01.03.2011	0,15 MB	1.0.0.1
Windows Installer Clean Up	Microsoft Corporation	12.02.2011	0,30 MB	3.00.00.0000
WinFuture xp-Iso-Builder 3.0.7	Tobias Schiek	14.06.2010	3,69 MB	
Xvid MPEG-4 Video Codec	Xvid Development Team	19.09.2011
3. Run HijackThis (alle Fenster gechlossen)
HijackThis.log
[code]
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:57:03, on 27.05.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\dradio-Recorder\phonostarTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
C:\Program Files\FRITZ!DSL\FwebProt.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\WINDOWS\System32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\s\Documents\OTL.exe
C:\Users\s\Documents\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe
O4 - HKCU\..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe
O4 - HKCU\..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2902011239-2132124238-3506956372-1006\..\Run: []  (User 's')
O4 - HKUS\S-1-5-18\..\Run: [FRITZ!protect] FwebProt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [FRITZ!protect] FwebProt.exe (User 'Default user')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: AutoHotkey1.lnk = C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Blau.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Command Prompt.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Gelb.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Grün.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Rot.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: AutoHotkey1.lnk = C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Blau.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Command Prompt.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Gelb.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Grün.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Rot.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: Paragon System Backup Dienst - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9408 bytes
--- --- ---


Ist viel für Dich zu lesen und zu checken.
PS:
Ist es richtig, dass Trojaner / Viren mit portablen nichts anfangen können
oder es sich für Mafia&Co nicht lohnt, weil viel einfacher
in die Reg raffinierte Einträge zu plazieren?

Habe 1971 mit einer 360/44 (Kernspeicher auf 256 kB erweitert) angefangen, über die 360/165 mit 2MB bis zur 390 (0.05-2Mips) mit einem sagenhaften Adressraum von 16MB:
Hab damals einen Artikel gechrieben, wie man den erweitern konnte - statt dem BALR 15,14 mit BASR ... aber einen BLUESCREEN habe ich noch nie gehabt (wie Bill bei der
Vorführung seines revolutionären XP 2001) - 3 Jahre vorher war ein US-Kreuzer auf offener See wochenlang manövrierunfähig, weil das revolutionäre NT 3.51 abstürzte und niemand in der Lage war, irgend welche Werte zur Steuerung des Schiffes einzugeben. Jedenfalls hatte das Militär die Schnauze gestrichen voll von NT / XP.
Die sind glaube ich auf Ada und ein gehärtetes UNIX (BSD?) umgestiegen.
Na wenn das 1962 bei der Cuba-Krise so gelaufen wäre, würde ich nicht mehr leben und Du wärst gar nicht geboren worden....

vielen Dank nochmal von
Siggi30

PS. Spass muss doch sein nach so vielen öden Seiten Beweismaterial gegen die
russische Mafia... Mafiajäger Giovanni Falcone läst grüßen... 1992 500kg TNT unter der Autobahn bei Palermo... also sieh Dich vor...-
__________________
Alt 27.05.2012, 20:06   #4
kira
/// Helfer-Team
 
Firefox meldet anstelle meiner IP eine aus Moskau - Standard

Firefox meldet anstelle meiner IP eine aus Moskau


wann hast Du das Rootrepeal ausgeführt? kannst du mal bitte das Protokoll posten?

1.
Zitat:
Spybot
- würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...
► Falls Du doch es behalten möchtest:
Stelle bitte den TeaTimer ab:
Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident.
Deaktiviere hier den "Resident TeaTimer aktiv".
(Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben!

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found
SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found
SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found
SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found
SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found
SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found
SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found
DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found
DRV - (a9ry7opk) --  File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =http={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

3.
Java aktualisieren- über Systemsteuerung-> Nach Update suchen...
oder:
Downloade nun die Offline-Version von Java "Empfohlen Version für 64 Bit: Java(TM) 7 Update 4 " von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

4.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

5.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

6.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

7.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.
8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 29.05.2012, 00:03   #5
siggi30
 
Firefox meldet anstelle meiner IP eine aus Moskau - Standard

Firefox meldet anstelle meiner IP eine aus Moskau


1. ad rootrepeal u.ä.

AVIRA:
Code:
ATTFilter
15.05.2012 20:53 [Planer] Auftrag gestartet
      Auftrag "Vollständige Systemprüfung00"
      wurde erfolgreich gestartet.

16.05.2012 02:47 [System Scanner] Suchlauf
      Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
      Anzahl Dateien:	3350
      Anzahl Verzeichnisse:	0
      Anzahl Malware:	0
      Anzahl Warnungen:	0

Erstellungsdatum der Reportdatei: Mittwoch, 16. Mai 2012  01:00
...

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, G:, H:, Z:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 16. Mai 2012  01:00

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'G:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'H:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'Z:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Am 16.5. 19:12 habe ich notiert:

nach mind. 1:37:20 Zeit
durchsuchte Objekte: 657410
Dateien: 3350
1 verstecktes Objekt gefunden.
ohne manuellen Abbruch stürzte der Scan ohne Protokoll ab.

RUNSCANNER:
Code:
ATTFilter
Creation time : 20.05.2012 11:44:44
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows Vista (TM) Home Basic
OS Build : 6002
OS SP : Service Pack 2
RunScanner Version : 2.0.0.60
...
Missing files
-------------
008 FwebProt.exe
010 Z:\Temp\EEYGQKZIUNYL.exe
010 Z:\Temp\FOJDVGF.exe
010 Z:\Temp\MEXQD.exe
010 Z:\Temp\NHLQNS.exe
010 Z:\Temp\RWSX.exe
010 Z:\Temp\TOWPQ.exe
010 Z:\Temp\VBPYZIXBOQ.exe
010 Z:\Temp\ZLMM.exe
011 c:\windows\system32\drivers\blbdrive.sys
011 c:\windows\system32\DRIVERS\ewusbmdm.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
011 C:\Windows\system32\drivers\rootrepeal.sys
011 c:\windows\system32\DRIVERS\VBoxNetFlt.sys
011 c:\windows\system32\DRIVERS\vmnetadapter.sys
012 FwebProt.exe
032 rdpclip
067 wlnotify.dll
2. Habe den TeaTimer deaktiviert.

3. Habe alles Java deinstalliert

5. CCleaner ist gelaufen.

6. GMER log:
Code:
ATTFilter
GMER Logfile:


	
Code: 

 
ATTFilter


  

	
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-28 23:38:27
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160821AS 

rev.3.BHE
Running: 9q8sbnmo.exe; Driver: C:\Users\a\AppData\Local\Temp\pxldypog.sys


---- System - GMER 1.0.15 ----

SSDT            8CA0E076                                                                       

                                     ZwCreateSection
SSDT            8CA0E080                                                                       

                                     ZwRequestWaitReplyPort
SSDT            8CA0E07B                                                                       

                                     ZwSetContextThread
SSDT            8CA0E085                                                                       

                                     ZwSetSecurityObject
SSDT            8CA0E08A                                                                       

                                     ZwSystemDebugControl
SSDT            8CA0E017                                                                       

                                     ZwTerminateProcess

INT 0x72        ?                                                                              

                                     85C24CB8
INT 0x72        ?                                                                              

                                     85C24CB8
INT 0x72        ?                                                                              

                                     85C24CB8
INT 0x72        ?                                                                              

                                     85C24CB8
INT 0x72        ?                                                                              

                                     85C24CB8
INT 0x81        ?                                                                              

                                     85805CB8
INT 0x82        ?                                                                              

                                     85C24CB8
INT 0x91        ?                                                                              

                                     85805CB8
INT 0xA1        ?                                                                              

                                     85805CB8
INT 0xA1        ?                                                                              

                                     85805CB8
INT 0xA1        ?                                                                              

                                     85805CB8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                  

                                     820ED8D8 4 Bytes  [76, E0, A0, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                  

                                     820EDBFC 4 Bytes  [80, E0, A0, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                  

                                     820EDC30 4 Bytes  [7B, E0, A0, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                  

                                     820EDC94 4 Bytes  [85, E0, A0, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                  

                                     820EDCDC 4 Bytes  [8A, E0, A0, 8C]
.text           ...
.text           sptd.sys                                                                       

                                     82609000 32 Bytes  [C0, 1E, 01, 82, 06, B1, 01, ...]
.text           sptd.sys                                                                       

                                     82609024 204 Bytes  [FA, F3, 07, 82, 41, EB, 12, ...]
.text           sptd.sys                                                                       

                                     826090F1 7 Bytes  [6C, 08, 82, F0, 67, 08, 82] {INSB ; OR 

[EDX-0x7df79810], AL}
.text           sptd.sys                                                                       

                                     826090F9 16 Bytes  [03, 06, 82, 0B, 41, 05, 82, ...]
.text           sptd.sys                                                                       

                                     8260910A 178 Bytes  [07, 82, E0, 69, 08, 82, 7C, ...]
.text           ...
.sptd2          C:\Windows\System32\Drivers\sptd.sys                                           

                                     entry point in ".sptd2" section [0x826B39E3]
?               C:\Windows\System32\Drivers\sptd.sys                                           

                                     Der Prozess kann nicht auf die Datei zugreifen, da sie 

von einem anderen Prozess verwendet wird.
PAGE            PCIIDEX.SYS!DllUnload                                                          

                                     82C655C0 5 Bytes  JMP 858091C8
PAGE            ataport.SYS!DllUnload                                                          

                                     82CCAB2E 5 Bytes  JMP 858051C8
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                       

                                     section is writeable [0x9060D000, 0x267978, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                          

                                     90BB241B 5 Bytes  JMP 85C241C8
.text           amrhm3mg.SYS                                                                   

                                     90D52000 230 Bytes  [60, 1F, 01, 82, 82, 53, 01, ...]
.text           amrhm3mg.SYS                                                                   

                                     90D520E7 31 Bytes  [00, 38, 0F, 00, 00, 00, 00, ...]
.text           amrhm3mg.SYS                                                                   

                                     90D52107 224 Bytes  [56, 09, 18, 08, DA, 0A, 9C, ...]
.text           amrhm3mg.SYS                                                                   

                                     90D521E8 253 Bytes  [5D, F8, 5C, 3A, 5E, 7C, 5F, ...]
.text           amrhm3mg.SYS                                                                   

                                     90D522E6 43 Bytes  [B9, B6, BC, F8, BD, 3A, BF, ...]
.text           ...
PAGE            spsys.sys!?SPVersion@@3PADA + 1ABF                                             

                                     81CBA03F 110 Bytes  [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                             

                                     81CBA0AF 1 Byte  [16]
PAGE            spsys.sys!?SPVersion@@3PADA + 1B2F                                             

                                     81CBA0AF 128 Bytes  [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB0                                             

                                     81CBA130 6 Bytes  [0E, 83, 78, 14, 01, 75]
PAGE            spsys.sys!?SPVersion@@3PADA + 1BB7                                             

                                     81CBA137 2298 Bytes  [83, 78, 18, 37, 75, 02, B3, ...]
PAGE            ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]      

                                     [8260AEEE] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]      

                                     [8260B20E] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]       

                                     [8260A70C] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!

AtaPortWritePortBufferUshort]                                    [8260B0CC] 

\SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]      

                                     [8260A832] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!

AtaPortReadPortBufferUshort]                                     [8260A8F0] 

\SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]             

                                     [8261EF56] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[HAL.dll!KfAcquireSpinLock]           

                                     B033D855
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[HAL.dll!KfReleaseSpinLock]           

                                     B089DC7D
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[storport.sys!StorPortPauseDevice]    

                                     00C4B033
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[storport.sys!StorPortResumeDevice]   

                                     CF330000
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[storport.sys!StorPortInitialize]     

                                     00A4B089
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[storport.sys!StorPortNotification]   

                                     B0330000
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[TDI.SYS!TdiDeregisterPnPHandlers]    

                                     000000A8
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[TDI.SYS!TdiRegisterPnPHandlers]      

                                     00CCB033
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[NETIO.SYS!WskDeregister]             

                                     ACB08918
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[NETIO.SYS!WskReleaseProviderNPI]     

                                     8B000000
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[NETIO.SYS!WskRegister]               

                                     77309534
IAT             \SystemRoot\System32\Drivers\amrhm3mg.SYS[NETIO.SYS!WskCaptureProviderNPI]     

                                     D98B90D7

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                         

                                     8580C1E8
Device          \FileSystem\fastfat \FatCdrom                                                  

                                     869CE430

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                        

                                     Wdf01000.sys (Kernelmodustreiber-

Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\usbohci \Device\USBPDO-0                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBPDO-1                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBPDO-2                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBPDO-3                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBPDO-4                                               

                                     85D20430
Device          \Driver\usbehci \Device\USBPDO-5                                               

                                     85D8C430

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                         

                                     hotcore3.sys (A part of Paragon System Utilities/Paragon 

Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                         

                                     hotcore3.sys (A part of Paragon System Utilities/Paragon 

Software Group)

Device          \Driver\cdrom \Device\CdRom0                                                   

                                     85D9D430
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                    

                                     8580B1E8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                    

                                     8580B1E8
Device          \Driver\atapi \Device\Ide\IdePort0                                             

                                     8580B1E8
Device          \Driver\atapi \Device\Ide\IdePort1                                             

                                     8580B1E8
Device          \Driver\atapi \Device\Ide\IdePort2                                             

                                     8580B1E8
Device          \Driver\atapi \Device\Ide\IdePort3                                             

                                     8580B1E8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                         

                                     hotcore3.sys (A part of Paragon System Utilities/Paragon 

Software Group)

Device          \Driver\cdrom \Device\CdRom1                                                   

                                     85D9D430

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                         

                                     hotcore3.sys (A part of Paragon System Utilities/Paragon 

Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                         

                                     hotcore3.sys (A part of Paragon System Utilities/Paragon 

Software Group)

Device          \Driver\netbt \Device\NetBt_Wins_Export                                        

                                     861D51E8
Device          \Driver\Smb \Device\NetbiosSmb                                                 

                                     85F5B430
Device          \Driver\PCI_PNP9962 \Device\0000005a                                           

                                     sptd.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                             

                                     85DAE430
Device          \Driver\usbohci \Device\USBFDO-0                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBFDO-1                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBFDO-2                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBFDO-3                                               

                                     85D20430
Device          \Driver\usbohci \Device\USBFDO-4                                               

                                     85D20430
Device          \Driver\netbt \Device\NetBT_Tcpip_{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}       

                                     861D51E8
Device          \Driver\usbehci \Device\USBFDO-5                                               

                                     85D8C430
Device          \Driver\amrhm3mg \Device\Scsi\amrhm3mg1                                        

                                     85D11430
Device          \Driver\amrhm3mg \Device\Scsi\amrhm3mg1Port5Path0Target0Lun0                   

                                     85D11430
Device          \FileSystem\fastfat \Fat                                                       

                                     869CE430

AttachedDevice  \FileSystem\fastfat \Fat                                                       

                                     fltmgr.sys (Microsoft Dateisystem-Filter-

Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                         

                                     867EC430

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641f5daa9
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                             

                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                             

                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                             

                                     1
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0            

                     0x00 0x00 0x00 0x00 ...
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0            

                     0
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12         

                     0xCA 0x05 0xB3 0x4B ...
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0            

                     C:\Program Files\DAEMON Tools Lite\
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf1

2                     0xB0 0x5B 0x9F 0xF9 ...
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0   

                     0xA0 0x02 0x00 0x00 ...
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg             

HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

\gdq0@hdf12                0xA2 0x42 0x1D 0xA4 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not 

active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641f5daa9 (not 

active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 

(not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     

0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  

0xCA 0x05 0xB3 0x4B ...
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     

C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         

0xB0 0x5B 0x9F 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            

0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg             HKLM\SYSTEM\ControlSet003

\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    

0xA2 0x42 0x1D 0xA4 ...

---- EOF - GMER 1.0.15 ----
         
 
--- --- ---
7. MBR
Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST9160821AS rev.3.BHE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8580B1E8]<< 
1 ntkrnlpa!IofCallDriver[0x82085936] -> \Device\Harddisk0\DR0[0x85A83AC8]
3 CLASSPNP[0x8A5A78B3] -> ntkrnlpa!IofCallDriver[0x82085936] -> [0x85A8D610]
5 acpi[0x827266BC] -> ntkrnlpa!IofCallDriver[0x82085936] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85A89580]
\Driver\atapi[0x84A8C5E0] -> IRP_MJ_CREATE -> 0x8580B1E8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8580b1e8
user & kernel MBR OK 
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 62 !
Warning: possible MBR rootkit infection !
8. OTL: otl.txt
Code:
ATTFilter
\OTL Logfile:


	
Code: 

 
ATTFilter


  

	
OTL logfile created on: 29.05.2012 00:18:04 - Run 6
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 38,97% Memory free
3,76 Gb Paging File | 1,80 Gb Available in Paging File | 47,71% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 10,27 Gb Free Space | 26,25% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 75,66 Mb Free Space | 7,40% Space Free | Partition Type: FAT32
 
Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.27 02:20:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\s\Documents\OTL.exe
PRC - [2012.05.08 13:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:29:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 13:29:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.15 16:21:24 | 000,041,472 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
PRC - [2011.06.21 19:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2010.10.11 16:54:58 | 000,150,096 | ---- | M] (Paragon Software Group) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe
PRC - [2010.10.11 16:54:58 | 000,068,176 | ---- | M] (Paragon Software Group) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe
PRC - [2010.06.10 21:50:48 | 000,245,248 | ---- | M] () -- C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
PRC - [2009.11.11 15:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.07.20 11:01:00 | 000,760,120 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\StCenter.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe
PRC - [2009.04.09 12:45:26 | 001,061,688 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\FwebProt.exe
PRC - [2008.01.19 09:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [1998.03.18 19:26:00 | 000,722,432 | ---- | M] () -- C:\users\s\PROGS\VS\win\VS.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.15 16:21:24 | 000,041,472 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
MOD - [2010.06.10 21:50:48 | 000,245,248 | ---- | M] () -- C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
MOD - [2010.02.11 07:30:38 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll
MOD - [1998.03.18 19:26:00 | 000,722,432 | ---- | M] () -- C:\users\s\PROGS\VS\win\VS.EXE
MOD - [1998.03.18 19:26:00 | 000,026,112 | ---- | M] () -- C:\users\s\PROGS\VS\win\VCHACK.DLL
MOD - [1998.03.18 19:26:00 | 000,012,800 | ---- | M] () -- C:\users\s\PROGS\VS\win\VSAPI.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.14 12:57:51 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 13:30:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:29:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.09.25 21:35:38 | 000,065,536 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\afasrv32.exe -- (AfaService)
SRV - [2011.06.21 19:57:40 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2011.03.24 13:24:34 | 000,072,936 | ---- | M] (SANDBOXIE L.T.D) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.10.11 16:54:58 | 000,150,096 | ---- | M] (Paragon Software Group) [On_Demand | Running] -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe -- (Paragon System Backup Dienst)
SRV - [2010.04.27 17:57:32 | 000,247,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.11.25 16:02:46 | 000,172,032 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe -- (bepldr6PixelPlanetService)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.05.08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.04.16 03:00:06 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.02.06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\a\AppData\Local\Temp\pxldypog.sys -- (pxldypog)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\a\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (amrhm3mg)
DRV - [2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.16 01:06:07 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2011.09.16 16:08:08 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.24 13:24:30 | 000,126,696 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.10.11 16:54:58 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2010.07.02 14:29:29 | 000,008,864 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2010.06.25 16:01:16 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.02.25 02:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.01.05 12:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.01.05 12:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.01.05 12:31:28 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.01.05 12:31:28 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.10.08 16:55:34 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.06 11:20:26 | 000,039,552 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2009.04.30 23:07:15 | 000,012,288 | ---- | M] (gavotte) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\rramdisk.sys -- (RRamdisk)
DRV - [2009.04.29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2008.11.21 22:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.07.26 22:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Program Files\BatteryCare\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008.01.19 07:50:28 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2007.10.18 04:41:00 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007.04.10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM)
DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.10.30 13:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006.09.05 10:33:12 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\DGIVECP.SYS -- (DgiVecp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 17:50:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.14 01:59:32 | 000,000,000 | ---D | M]
 
[2010.07.22 14:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2011.11.08 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions
[2010.11.10 15:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 03:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions
[2010.08.09 14:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.24 14:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:38:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe ()
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.28 02:17:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.23 01:35:39 | 000,000,000 | ---D | C] -- C:\vslick
[2012.05.20 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Runscanner.net
[2012.05.15 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.15 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.15 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2012.05.15 16:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.05.15 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Secunia PSI (BETA)
[2012.05.14 03:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.05.14 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Seven Zip
[2012.05.13 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ZZattoo4
[2012.05.09 11:00:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 11:00:14 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 11:00:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 11:00:14 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 11:00:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 11:00:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 11:00:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 11:00:12 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.28 23:32:09 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 23:32:09 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 23:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 22:18:19 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.28 13:39:50 | 000,658,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.28 13:39:50 | 000,615,986 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.28 13:39:50 | 000,151,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.28 13:39:50 | 000,117,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.28 13:32:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 23:50:40 | 000,001,015 | ---- | M] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 17:50:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.15 16:35:06 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.15 15:37:52 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\ClipMagic.lnk
[2012.05.14 12:57:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.14 12:57:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.14 12:01:50 | 000,439,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.14 03:16:43 | 000,000,848 | ---- | M] () -- C:\Users\a\Desktop\Orbit.lnk
[2012.05.08 14:31:09 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.28 23:42:52 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.15 23:50:40 | 000,001,015 | ---- | C] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 16:33:01 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012.03.20 01:07:27 | 000,003,474 | ---- | C] () -- C:\Windows\System32\NANSI.SYS
[2012.03.11 22:13:38 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL
[2012.03.11 22:13:38 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE
[2012.02.24 23:23:17 | 000,017,408 | ---- | C] () -- C:\Users\a\AppData\Local\WebpageIcons.db
[2011.09.25 21:35:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2011.09.19 22:51:16 | 000,821,182 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.19 22:51:16 | 000,251,575 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.28 14:18:31 | 000,006,808 | ---- | C] () -- C:\Windows\System32\HWACCESS.SYS
[2011.04.27 16:14:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.23 04:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.19 17:56:19 | 000,004,608 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.25 17:15:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.14 02:24:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.04 07:29:11 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2010.09.29 15:03:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.09.23 11:12:36 | 000,029,752 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2010.09.18 01:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.08.07 00:38:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.16 11:09:05 | 000,000,089 | ---- | C] () -- C:\Users\a\AppData\Local\fusioncache.dat
[2010.07.09 15:49:14 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.07.02 14:29:29 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2010.07.02 03:23:33 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2010.07.02 03:23:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2010.06.21 03:06:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.20 18:06:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 18:06:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.09 17:45:19 | 000,010,414 | ---- | C] () -- C:\Windows\recORDER.DLL
 
========== LOP Check ==========
 
[2011.10.26 02:07:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\AbiSuite
[2011.06.09 02:43:33 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\AllDup
[2011.11.29 11:46:39 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\BatteryCare
[2010.07.10 14:19:24 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Bytemobile
[2012.05.27 00:01:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ClipMagic
[2012.02.06 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Copernic
[2011.08.10 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DAEMON Tools Lite
[2011.04.30 17:20:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DVDVideoSoft
[2011.04.30 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.31 03:38:20 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\enchant
[2011.05.10 14:54:38 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Foxit Software
[2010.08.27 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FRITZ!
[2010.08.27 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2010.07.18 14:05:54 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro
[2011.09.03 03:27:06 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\IrfanView
[2011.10.25 02:08:42 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Nitro PDF
[2011.09.17 15:04:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org
[2011.02.09 16:11:18 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Opera
[2012.05.15 18:39:58 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit
[2010.08.24 10:45:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\phonostar GmbH
[2010.09.29 17:02:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\PixelPlanet
[2010.07.18 14:15:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense
[2012.05.20 11:42:57 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Runscanner.net
[2010.09.01 00:24:00 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\SampleView
[2010.10.14 02:59:35 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\SCCmdr
[2011.03.02 21:03:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\streamripper
[2012.05.14 03:56:05 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Tobit
[2012.05.28 06:44:40 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
 
--- --- ---
extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.05.2012 00:18:04 - Run 6
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 38,97% Memory free
3,76 Gb Paging File | 1,80 Gb Available in Paging File | 47,71% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 10,27 Gb Free Space | 26,25% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 75,66 Mb Free Space | 7,40% Space Free | Partition Type: FAT32
 
Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B8751A4-5B31-4217-A3DA-7BE4F530A9EC}" = lport=5031 | protocol=17 | dir=in | name=fritz!fax | 
"{4311E7C3-20E4-4D21-B23A-2BC9D49A56D8}" = lport=5031 | protocol=6 | dir=in | name=fritz!fax | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E8E8BA7-20F1-4AA9-961B-24716CE9F621}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{214945B1-DF4A-47BD-B46F-F1FD40CB38F2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{258B8560-665F-4EB4-A713-1C0C12CE11E7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{534E57DE-1227-4B3F-9945-6087CB58C8E1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{F18F10CF-29F6-4FAF-AB6C-16BD8206F2C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{FFFCA850-EB75-446B-96C5-9317C29270FA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"TCP Query User{2346E1BB-EE88-497A-B00D-52C53E28D1F3}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{2510455A-6071-4D01-80B2-80B09865A36C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{2885F1E1-D71B-43F6-ACA3-6AF1EC7BC491}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{37929E9C-9EBC-47E3-8A69-F4286C5C1F67}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"TCP Query User{41857EBA-8200-45DA-BBD0-DC3911139C13}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{45B27707-F5EF-4EA1-AE6B-FEAF183AE302}C:\program files\streamtransport\streamtransport.exe" = protocol=6 | dir=in | app=c:\program files\streamtransport\streamtransport.exe | 
"TCP Query User{6526EE2E-10AE-4B09-85B9-033ADF45AA83}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{8C0579C7-19FC-453C-A9FA-E42453FB2762}C:\users\s\progs\operator-3.5\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\s\progs\operator-3.5\operator\opera\opera.exe | 
"TCP Query User{937786F6-986C-4A69-A456-3432E70C0473}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
"TCP Query User{B39DC996-52D0-4506-B7BC-F82508273381}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B3DA92A7-E724-4DBA-B8C9-31222226B6C1}C:\users\s\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\local\programs\opera\opera.exe | 
"TCP Query User{D43FB94E-CB63-47C6-A7D6-D7E3673C0D62}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E177F89D-6B7E-444D-AF45-C0656755EA69}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{0B83AD9A-A6C7-4054-9260-FA3A014B1B04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{523D9602-44B7-41F5-86CE-B2AA4F5BC93E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{54242905-AA7C-4398-B315-7AA5236EB552}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{5DE0D0A5-CBEC-48E9-A23B-E998143B77D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{72E49E3F-9788-4522-865C-08B49E08D7AE}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{8B9E857B-13D6-4B17-9D73-27DAB6879DE0}C:\users\s\progs\operator-3.5\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\s\progs\operator-3.5\operator\opera\opera.exe | 
"UDP Query User{93F5F0D9-1E96-466B-98FB-DF69627995F1}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{A3CCF800-8A38-4A40-A1CC-9B79165F54A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{B63C3A3D-3CDF-477E-89FD-B496F34BCC6C}C:\program files\streamtransport\streamtransport.exe" = protocol=17 | dir=in | app=c:\program files\streamtransport\streamtransport.exe | 
"UDP Query User{CAC5ACF6-09C7-4E45-A5F4-D177C4975C51}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CC4F21BF-D219-4990-8A35-336652B28D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{E9C311BF-D0C9-4696-A6CB-F91D2DDC0B63}C:\users\s\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\local\programs\opera\opera.exe | 
"UDP Query User{EF5D3869-BFE4-4050-9B5B-EBD1C00E08E6}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese
"{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch
"{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional
"{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon System Backup 2010 Kompakt
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian
"{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish
"{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish
"{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese
"{2C7B74E7-5F26-4568-BAD5-9A49837E9211}" = Linguatec Voice Reader Studio
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für Tevion
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding
"{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish
"{45F4941E-5E77-11DF-A71D-005056C00008}" = Paragon Partition Manager™ 11 Free Edition
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{4BE43829-C099-4188-9700-67521E912184}_is1" = DSL-Turbo
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish
"{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{835CEF5E-4CAC-4904-AD80-52AD0D158BB7}" = SCR3xxx Smart Card Reader
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian
"{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista
"{8D1AA5F7-CF6B-40F1-A783-2E19E384E1B0}" = Microsoft Tool Web Package:Diruse.exe
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German
"{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros Version 7.5.1.1734
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish
"{B37EF14D-E5EC-4743-B577-188B5B421C17}" = soft Xpansion Perfect PDF 7 Reader
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish
"{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish
"{C6271F2D-3D0A-439B-BD78-584E017C636E}" = Vista Default Settings
"{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.10
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian
"{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish
"{DFE967A8-9C30-413C-B2D5-C0D576949553}" = ESU for Microsoft Vista
"{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian
"{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software  1.10.16.1
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}" = fortePivot
"{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7sDoc-lite 1.3.0_is1" = 7sDoc-lite 1.3.0
"ABBYY FineReader 5.0 Pro" = ABBYY FineReader 5.0 Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ASIO4ALL" = ASIO4ALL
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Mouse" = Browser Mouse
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.0
"CdaC13Ba" = Cda Product Service - shared component
"CHIPDRIVE Smartcard Commander_CDInst21" = CHIPDRIVE Smartcard Commander
"Chipkartenleser" = Chipkartenleser
"ClipMagic_3.1" = ClipMagic 3.2.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.5
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flash Memory Toolkit trial_is1" = Flash Memory Toolkit trial 2.01
"Foxit Creator" = Foxit Creator
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 5.0.9
"Gadwin PrintScreen" = Gadwin PrintScreen
"GPL Ghostscript 9.02" = GPL Ghostscript
"GSview 4.9" = GSview 4.9
"HD Tune_is1" = HD Tune 2.55
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Multimedia keyboard utility" = Multimedia keyboard utility
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"Orbit_is1" = Orbit Downloader
"PDF Complete" = PDF Complete
"Riot" = Riot - Radical Image Optimization Tool
"Sandboxie" = Sandboxie 3.54 (32-bit)
"Security Task Manager" = Security Task Manager 1.8d
"SlickEdit 11.0.0" = SlickEdit 11.0.0
"Streamripper" = Streamripper (Remove only)
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7
"xvid" = Xvid MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

[/code]

IP-Adresse: 188.93.20.179
Provider: Selectel
Organisation: Selectel Network

Karte zeigt Sibirien

fritz.box:
An error has occurred: {"stack":"Error: ENOTFOUND, Domain name not found\n at IOWatcher.callback (dns.js:74:15)","message":"ENOTFOUND, Domain name not found

Auch abgesicherter Start (keine Erweiterungen) ändert nichts.

Firefox beendet.


Aber: Firefox mit einem anderen Profil findet fritz.box und
wieistmeineip ist richtig.


Alt 29.05.2012, 09:55   #6
kira
/// Helfer-Team
 
Firefox meldet anstelle meiner IP eine aus Moskau - Standard

Firefox meldet anstelle meiner IP eine aus Moskau


Vermutlich das bösartige MBR-Rootkit hat sich im MBR festgesetzt...
Der Master Boot Record (MBR) der ersten Festplatte wird beim Start des Rechners geladen, noch vor dem Betriebssystem. Code, der Dort residiert, kann im Prinzip das Betriebssystem kontrollieren.

Hast Du Vista-CD?
__________________
--> Firefox meldet anstelle meiner IP eine aus Moskau

Antwort

Themen zu Firefox meldet anstelle meiner IP eine aus Moskau
administrator, antivir, audio, automatische, bluescreen, cache, check, dns, firefox, home, internet, ip verbogen nach moskau, ip-adresse, neues, not, plötzlich, problem, recovery, server, sp2, system, texte, tools, traffic, vista, windows


« Entschlüsselungsprogramme funktionieren nicht | Windows XP Pro bleibt nach Virenbekämpfung beim hochfahren hängen »


Ähnliche Themen: Firefox meldet anstelle meiner IP eine aus Moskau


  1. Yahoo anstelle von Google
    Log-Analyse und Auswertung - 26.11.2015 (41)
  2. Tabs mit Werbung öffnen sich, anstelle der gewünschten Aktion (Firefox)
    Plagegeister aller Art und deren Bekämpfung - 15.08.2015 (8)
  3. Fenster öffnen sich selbstständig bei jedem meiner Browser (Chrom / IE / Firefox )
    Plagegeister aller Art und deren Bekämpfung - 22.01.2015 (25)
  4. avast! meldet: URL Mal - https://54.186.138.97 - firefox.exe / Firefox addons unter anderem QueenaCouppoN
    Plagegeister aller Art und deren Bekämpfung - 31.12.2014 (4)
  5. Windows 7 64-bit: laut Windows ist Avast (VistHaux.exe) deaktiviert; eine meiner Emailadressen war auf der BSI-Liste
    Log-Analyse und Auswertung - 26.01.2014 (3)
  6. Windows 7: Ständig Werbeseite Anstelle der Startseite und Reinigungstool macht Probleme
    Log-Analyse und Auswertung - 14.01.2014 (15)
  7. Avast meldet Trojaner auf meiner Website?
    Plagegeister aller Art und deren Bekämpfung - 09.06.2013 (13)
  8. Hätte gerne eine Auswertung meiner HJT-logfiles und meiner OTL+Extras-logfiles
    Log-Analyse und Auswertung - 26.07.2012 (15)
  9. Moskau - Plötzlich langsame Internetverbindung trotz gutem Netzwerk
    Log-Analyse und Auswertung - 18.06.2012 (35)
  10. Falsche Websites (T-Online Navigationshilfe anstelle von Youtube)
    Plagegeister aller Art und deren Bekämpfung - 21.09.2011 (6)
  11. kasperski meldet firefox als virus
    Plagegeister aller Art und deren Bekämpfung - 27.06.2011 (11)
  12. Verknüpfungen anstelle Ordnern auf externen Speichermedien
    Log-Analyse und Auswertung - 27.06.2011 (2)
  13. habe seit kurzen in arma2 anstelle von 60 nur noch 7fps
    Log-Analyse und Auswertung - 23.09.2010 (1)
  14. Firefox öffnet Tabs mit Werbung / Anstelle einer verlinkten URL öffnet sich Werbung
    Plagegeister aller Art und deren Bekämpfung - 08.08.2010 (4)
  15. Anitivir meldet eine Datei
    Plagegeister aller Art und deren Bekämpfung - 17.10.2007 (3)
  16. Trojaner/Wurm? Firefox verschlingt 40%meiner Cpu und will als server agieren
    Log-Analyse und Auswertung - 24.07.2007 (4)
  17. Antivir meldet mir eine infizierte Datei.
    Plagegeister aller Art und deren Bekämpfung - 05.01.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Firefox meldet anstelle meiner IP eine aus Moskau - Compaq 4715s 3GB + 1GB RamDisk, Vista Home 6.0.6002 SP2 aut. Updates Fritz.Box 7112 neueste Aktuell installierte Firmware-Version: 87.04.87 verbunden seit 26.05.2012, 03:15 Uhr, 1&1 Internet, IP-Adresse: 89.12.38.21 Opera wieistmeineip: - Firefox meldet anstelle meiner IP eine aus Moskau...
Archiv
Du betrachtest: Firefox meldet anstelle meiner IP eine aus Moskau auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130