Firefox reports an IP from Moscow instead of mine (Windows 7)
26.05.2012, 02:44 | #1
Firefox reports an IP from Moscow instead of mine

Compaq 4715s, 3 GB + 1 GB RAM disk, Vista Home 6.0.6002 SP2, automatic updates. Fritz.Box 7112, newest currently installed firmware version: 87.04.87, connected since 26.05.2012, 03:15, 1&1 Internet, IP address: 89.12.38.21

Opera, wieistmeineip: Your IP address is: 89.12.38.21
Firefox, wieistmeineip: 46.31.26.12
utrace: IP address: 46.31.26.12, provider: ZAO Kapstroytelecom, organisation: ZAO Kapstroy Telecom
Google Search reports automatic traffic and demands captchas.

--------
Full scan Antivir C: E: G: H: 0 found [D: System Tools, E: recovery, G: H: private data (texts, audio, films etc.)]
Malwarebytes C: 0 found
HijackThis 2.0.4 C: Z: found indications of 7 upper-case-letter files .exe on Z:, fixed, system restart, HijackThis 2.0.4 finds nothing more. But the Firefox IP is still from Moscow, see above.

10 minutes ago suddenly a BLUESCREEN ---- I had never had that before: system problem found, windows shut down. Automatic restart, sending this now.

Firefox on fritz.box:
ERROR The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: hxxp://fritz.box/ Unable to determine IP address from host name "fritz.box" The DNS server returned: Name Error: The domain name does not exist. This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct. Your cache administrator is webmaster. Generated Sat, 26 May 2012 01:37:56 GMT by debian (squid/2.7.STABLE9)

But right now it is exactly 26.5., 3:40. Opera and IE both find fritz.box.

Please help.

x: Fehler bei der Windows Sockets-Initialisierung: 5 TCP [::]:135 [::]:0 ABHÖREN 828 RpcSs
x: Fehler bei der Windows Sockets-Initialisierung: 5 UDP 192.168.178.21:138 *:* 4
x: Fehler bei der Windows Sockets-Initialisierung: 5 UDP 192.168.178.21:1900 *:* 1172 SSDPSRV [svchost.exe]

Edited by siggi30 (26.05.2012 at 02:54) Reason: netstat may give interesting info
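The symptom pattern in this post, where only Firefox reports a foreign IP while Opera and IE report the provider's address, and where Firefox gets its fritz.box error page from a squid cache that cannot resolve the router's local name, is what a proxy configured inside the Firefox profile alone looks like: the other browsers use the system settings, Firefox does not. As an added check that is not part of the thread or of the helper's instructions, the following Python script parses a profile's prefs.js (on Vista under %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js) and reports every network.proxy.* setting that diverts the browser's traffic. The prefs.js embedded in it is a constructed sample, and 198.51.100.7 is a documentation address, not one from the post.

```python
"""Audit a Firefox prefs.js for proxy settings that route only this browser's
traffic through a remote proxy (added example; the sample data is constructed)."""
import re
import sys
from typing import Dict, List, Union

PrefValue = Union[str, int, bool]

# Values of network.proxy.type as Firefox defines them.
PROXY_TYPE_LABELS = {
    0: "direct connection (no proxy)",
    1: "manual proxy configuration",
    2: "automatic proxy configuration (PAC URL)",
    4: "auto-detect proxy (WPAD)",
    5: "use system proxy settings (Firefox default)",
}

# prefs.js holds one pref per line in the form: user_pref("name", value);
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$', re.MULTILINE)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return the user_pref entries of a prefs.js as a dict with typed values."""
    prefs: Dict[str, PrefValue] = {}
    for name, raw in _PREF_RE.findall(text):
        raw = raw.strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]          # quoted string
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"      # boolean
        else:
            try:
                prefs[name] = int(raw)       # integer
            except ValueError:
                prefs[name] = raw            # keep anything unexpected verbatim
    return prefs


def proxy_findings(prefs: Dict[str, PrefValue]) -> List[str]:
    """List every proxy setting that makes Firefox behave differently from the system."""
    findings: List[str] = []
    ptype = prefs.get("network.proxy.type", 5)  # absent pref means the Firefox default
    if ptype == 1:
        # Manual configuration: report each protocol that has a proxy host set.
        for proto in ("http", "ssl", "socks", "ftp"):
            host = prefs.get(f"network.proxy.{proto}")
            if host:
                port = prefs.get(f"network.proxy.{proto}_port", 0)
                findings.append(f"manual {proto} proxy {host}:{port}")
    elif ptype == 2:
        findings.append(f"PAC URL {prefs.get('network.proxy.autoconfig_url', '<unset>')}")
    elif ptype == 4:
        findings.append("WPAD auto-detect enabled (proxy chosen by the local network)")
    return findings


def audit(text: str) -> Dict[str, object]:
    """Parse a prefs.js and summarise its proxy configuration."""
    prefs = parse_prefs(text)
    ptype = prefs.get("network.proxy.type", 5)
    return {
        "proxy_type": ptype,
        "proxy_type_label": PROXY_TYPE_LABELS.get(ptype, "unknown value"),
        "findings": proxy_findings(prefs),
    }


# Constructed sample prefs.js (not the poster's file); 198.51.100.7 is a documentation address.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://google.de");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "198.51.100.7");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "198.51.100.7");
user_pref("network.proxy.ssl_port", 3128);
"""

if __name__ == "__main__":
    # Usage: python proxy_audit.py [path\to\prefs.js]; without a path the sample is audited.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PREFS_JS
    report = audit(data)
    print(f"network.proxy.type = {report['proxy_type']} ({report['proxy_type_label']})")
    for line in report["findings"]:
        print(" -", line)
```

Run it against each profile's prefs.js while Firefox is closed (Firefox rewrites the file on exit). A type of 0 or 5 with no findings means the browser follows the system proxy settings; a manual host or PAC URL that the user never configured is the setting to remove, and it also explains why a remote cache, rather than the router, answered the request for fritz.box.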
26.05.2012, 20:24 | #2
/// Helper team | Firefox reports an IP from Moscow instead of mine

Hello and welcome!
Before we begin working together, [please read completely]: Quote:
For Vista and Win7: Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click (right mouse button) the selected application and choose "Run as administrator"! 1. System scan with OTL. Please download OTL by OldTimer and save it on your desktop
2. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
3. Download TrendMicro™ HijackThis™ version 2.0.4 from here -> Quote:
Quote:
kira
27.05.2012, 04:15 | #3
Firefox reports an IP from Moscow instead of mine

Hello Kira,
Thanks for your quick help. Since the BLUESCREEN I have only been using Opera instead of Firefox. 1. Run OTL: OTL.TXT OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.05.2012 03:31:29 - Run 4 OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\s\Documents Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 41,59% Memory free 3,68 Gb Paging File | 2,07 Gb Available in Paging File | 56,30% Paging File free Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,11 Gb Total Space | 9,83 Gb Free Space | 25,14% Space Free | Partition Type: NTFS Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS Drive Z: | 1023,00 Mb Total Space | 122,99 Mb Free Space | 12,02% Space Free | Partition Type: FAT32 Computer Name: S-PC | User Name: a | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\s\Documents\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\dradio-Recorder\phonostarTimer.exe () PRC - C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço) PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group) PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group) PRC - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe () PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation) PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) PRC - C:\users\s\PROGS\VS\win\VS.EXE () ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Program Files\dradio-Recorder\phonostarTimer.exe () MOD - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe () MOD - C:\WINDOWS\System32\atitmmxx.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\users\s\PROGS\VS\win\VS.EXE () MOD - C:\users\s\PROGS\VS\win\VCHACK.DLL () MOD - C:\users\s\PROGS\VS\win\VSAPI.DLL () ========== Win32 Services (SafeList) ========== SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found SRV - (FOJDVGF) -- 
Z:\Temp\FOJDVGF.exe File not found SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AfaService) -- C:\WINDOWS\System32\afasrv32.exe () SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software) SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (Paragon System Backup Dienst) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group) SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe () SRV - (bepldr6PixelPlanetService) -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe () SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc) SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems) SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found DRV - (VBoxNetFlt) -- 
system32\DRIVERS\VBoxNetFlt.sys File not found DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (a9ry7opk) -- File not found DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys () DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (MHIKEY10) -- C:\WINDOWS\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader) DRV - (hotcore3) -- C:\WINDOWS\System32\drivers\hotcore3.sys (Paragon Software Group) DRV - (CdaC15BA) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS () DRV - (VBoxNetAdp) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company) DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.) 
DRV - (RRamdisk) -- C:\WINDOWS\System32\drivers\rramdisk.sys (gavotte) DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems) DRV - (KMWDFILTER) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org) DRV - (Ramdisk) -- C:\WINDOWS\System32\drivers\ramdisk.sys (Microsoft Corporation) DRV - (SCR3XX2K) -- C:\WINDOWS\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.) DRV - (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (SSPORT) -- C:\WINDOWS\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\WINDOWS\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (DgiVecp) -- C:\WINDOWS\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 17:50:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.14 01:59:32 | 000,000,000 | ---D | M] [2010.07.22 14:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions [2011.11.08 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions [2010.11.10 15:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.14 03:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions [2010.08.09 14:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.24 14:22:37 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.15 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.05.14 03:16:42 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER [2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.13 19:38:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group) O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe () O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload 
selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll () O9 - Extra 'Tools' menuitem : iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. 
File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg O32 - HKLM CDRom: AutoRun - 0 O32 - Unable to obtain root file information for disk D:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.05.23 01:35:39 | 000,000,000 | ---D | C] -- C:\vslick [2012.05.20 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Runscanner.net [2012.05.15 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.15 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.15 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF [2012.05.15 16:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.05.15 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Secunia PSI (BETA) [2012.05.14 03:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2012.05.14 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Seven Zip [2012.05.13 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ZZattoo4 [2012.05.09 11:00:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.05.09 11:00:14 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.05.09 11:00:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.05.09 11:00:14 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.05.09 11:00:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.05.09 11:00:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.05.09 11:00:12 | 003,602,816 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.05.09 11:00:12 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.27 03:33:54 | 000,658,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.27 03:33:54 | 000,614,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.27 03:33:54 | 000,151,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.27 03:33:54 | 000,116,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.27 03:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.27 03:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.15 23:50:40 | 000,001,015 | ---- | M] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk [2012.05.15 17:50:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.05.15 16:35:06 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.05.15 16:32:11 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.05.15 15:37:52 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\ClipMagic.lnk [2012.05.14 12:57:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.05.14 12:57:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.05.14 12:01:50 | 000,439,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.14 03:16:43 | 
000,000,848 | ---- | M] () -- C:\Users\a\Desktop\Orbit.lnk [2012.05.08 14:31:09 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [3 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.15 23:50:40 | 000,001,015 | ---- | C] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk [2012.05.15 16:33:01 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk [2012.05.15 16:32:11 | 000,000,686 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.05.15 16:32:11 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.03.20 01:07:27 | 000,003,474 | ---- | C] () -- C:\Windows\System32\NANSI.SYS [2012.03.11 22:13:38 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL [2012.03.11 22:13:38 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE [2012.02.24 23:23:17 | 000,017,408 | ---- | C] () -- C:\Users\a\AppData\Local\WebpageIcons.db [2011.09.25 21:35:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe [2011.09.19 22:51:16 | 000,821,182 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.09.19 22:51:16 | 000,251,575 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.06.28 14:18:31 | 000,006,808 | ---- | C] () -- C:\Windows\System32\HWACCESS.SYS [2011.04.27 16:14:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.23 04:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.12.19 17:56:19 | 000,004,608 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.25 17:15:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.10.14 02:24:08 | 000,000,880 | ---- | C] () -- 
C:\Windows\HBCIKRNL.INI [2010.10.04 07:29:11 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI [2010.09.29 15:03:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2010.09.23 11:12:36 | 000,029,752 | ---- | C] () -- C:\Windows\System32\oeminfo.ini [2010.09.18 01:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI [2010.08.07 00:38:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010.07.16 11:09:05 | 000,000,089 | ---- | C] () -- C:\Users\a\AppData\Local\fusioncache.dat [2010.07.09 15:49:14 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2010.07.02 14:29:29 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS [2010.07.02 03:23:33 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys [2010.07.02 03:23:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys [2010.06.21 03:06:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.06.20 18:06:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.06.20 18:06:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.06.09 17:45:19 | 000,010,414 | ---- | C] () -- C:\Windows\recORDER.DLL < End of report > Extras.Txt OTL Logfile: Code:
OTL logfile created on: 27.05.2012 03:31:29 - Run 4
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 41,59% Memory free
3,68 Gb Paging File | 2,07 Gb Available in Paging File | 56,30% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 9,83 Gb Free Space | 25,14% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 122,99 Mb Free Space | 12,02% Space Free | Partition Type: FAT32

Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\s\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
PRC - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
PRC - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\users\s\PROGS\VS\win\VS.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe ()
MOD - C:\WINDOWS\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\users\s\PROGS\VS\win\VS.EXE ()
MOD - C:\users\s\PROGS\VS\win\VCHACK.DLL ()
MOD - C:\users\s\PROGS\VS\win\VSAPI.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found
SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found
SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found
SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found
SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found
SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found
SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AfaService) -- C:\WINDOWS\System32\afasrv32.exe ()
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (Paragon System Backup Dienst) -- C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe (Paragon Software Group)
SRV - (UI Assistant Service) -- C:\Program Files\Join Air\AssistantServices.exe ()
SRV - (bepldr6PixelPlanetService) -- C:\Program Files\Common Files\BCL Technologies\PixelPlanet6\bepldr.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
SRV - (AEADIFilters) -- C:\WINDOWS\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (a9ry7opk) -- File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\drivers\sptd.sys ()
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (MHIKEY10) -- C:\WINDOWS\System32\drivers\MHIKEY10.sys (Generic USB smartcard reader)
DRV - (hotcore3) -- C:\WINDOWS\System32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (CdaC15BA) -- C:\WINDOWS\System32\drivers\CDAC15BA.SYS ()
DRV - (VBoxNetAdp) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Ser2pl) -- C:\WINDOWS\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (RRamdisk) -- C:\WINDOWS\System32\drivers\rramdisk.sys (gavotte)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMWDFILTER) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WinRing0_1_2_0) -- C:\Program Files\BatteryCare\WinRing0.sys (OpenLibSys.org)
DRV - (Ramdisk) -- C:\WINDOWS\System32\drivers\ramdisk.sys (Microsoft Corporation)
DRV - (SCR3XX2K) -- C:\WINDOWS\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SSPORT) -- C:\WINDOWS\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (TPM) -- C:\WINDOWS\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (WimFltr) -- C:\WINDOWS\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\WINDOWS\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (DgiVecp) -- C:\WINDOWS\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soft-xpansion/npsxpdf: C:\Program Files\Common Files\soft Xpansion\np-sxpdf.dll (soft Xpansion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.15 17:50:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.14 01:59:32 | 000,000,000 | ---D | M]

[2010.07.22 14:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2011.11.08 23:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions
[2010.11.10 15:44:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\09iind3n.Standard-Benutzer\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.14 03:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions
[2010.08.09 14:01:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.24 14:22:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.30 17:21:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\gdk6r6k0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.15 17:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.05.14 03:16:42 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.13 19:38:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe (Paragon Software Group)
O4 - HKCU..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe (Filipe Lourenço)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe ()
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAPower = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C0A94B8-C110-4DAB-A31F-5D9A3ED781D1}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img17.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.23 01:35:39 | 000,000,000 | ---D | C] -- C:\vslick
[2012.05.20 11:42:57 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Runscanner.net
[2012.05.15 23:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.15 17:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.15 17:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.15 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2012.05.15 16:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.05.15 16:27:36 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Secunia PSI (BETA)
[2012.05.14 03:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.05.14 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Seven Zip
[2012.05.13 20:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\ZZattoo4
[2012.05.09 11:00:14 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 11:00:14 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 11:00:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 11:00:14 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 11:00:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 11:00:13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 11:00:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 11:00:12 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.27 03:33:54 | 000,658,316 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.27 03:33:54 | 000,614,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.27 03:33:54 | 000,151,598 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.27 03:33:54 | 000,116,030 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.27 03:31:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:21 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 03:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.15 23:50:40 | 000,001,015 | ---- | M] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 17:50:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.15 16:35:06 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.05.15 15:37:52 | 000,001,683 | ---- | M] () -- C:\Users\Public\Desktop\ClipMagic.lnk
[2012.05.14 12:57:51 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.14 12:57:51 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.14 12:01:50 | 000,439,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.14 03:16:43 | 000,000,848 | ---- | M] () -- C:\Users\a\Desktop\Orbit.lnk
[2012.05.08 14:31:09 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012.05.08 13:30:00 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 13:30:00 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.15 23:50:40 | 000,001,015 | ---- | C] () -- C:\Users\a\Desktop\Spybot - Search & Destroy.lnk
[2012.05.15 16:33:01 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2012.05.15 16:32:11 | 000,000,686 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.05.15 16:32:11 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.03.20 01:07:27 | 000,003,474 | ---- | C] () -- C:\Windows\System32\NANSI.SYS
[2012.03.11 22:13:38 | 000,112,128 | RH-- | C] () -- C:\Windows\CdaC14BA.DLL
[2012.03.11 22:13:38 | 000,030,720 | RH-- | C] () -- C:\Windows\CdaC13BA.EXE
[2012.02.24 23:23:17 | 000,017,408 | ---- | C] () -- C:\Users\a\AppData\Local\WebpageIcons.db
[2011.09.25 21:35:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\afasrv32.exe
[2011.09.19 22:51:16 | 000,821,182 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.09.19 22:51:16 | 000,251,575 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.28 14:18:31 | 000,006,808 | ---- | C] () -- C:\Windows\System32\HWACCESS.SYS
[2011.04.27 16:14:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.23 04:12:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.19 17:56:19 | 000,004,608 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.25 17:15:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.10.14 02:24:08 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.04 07:29:11 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2010.09.29 15:03:25 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2010.09.23 11:12:36 | 000,029,752 | ---- | C] () -- C:\Windows\System32\oeminfo.ini
[2010.09.18 01:16:00 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010.08.07 00:38:29 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.07.16 11:09:05 | 000,000,089 | ---- | C] () -- C:\Users\a\AppData\Local\fusioncache.dat
[2010.07.09 15:49:14 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.07.02 14:29:29 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2010.07.02 03:23:33 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2010.07.02 03:23:33 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2010.06.21 03:06:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.06.20 18:06:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.06.20 18:06:28 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.06.09 17:45:19 | 000,010,414 | ---- | C] () -- C:\Windows\recORDER.DLL

< End of report >

2. Run ccleaner
Code:
7sDoc-lite 1.3.0	SVA-software	14.03.2012	4,43 MB
ABBYY FineReader 5.0 Pro	ABBYY Software House	01.07.2010	151,1 MB	5.0
ABBYY FineReader 5.0 Sprint	ABBYY Software House	01.07.2010	294 MB	5.0.0.3347
ABBYY FineReader OCR Engine für Tevion		01.07.2010	272 MB
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	07.05.2012		11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	13.05.2012		11.2.202.235
Agere Systems HDA Modem	LSI Corporation	14.03.2009	16,00 KB
Application Installer 4.00.B14	Hewlett-Packard Company	02.03.2009	0,89 MB	4.00.B14
ASIO4ALL	Michael Tippach	06.09.2010	0,52 MB	2.10
ATI Catalyst Install Manager	ATI Technologies, Inc.	26.04.2011	13,8 MB	3.0.715.0
ATI Uninstaller	ATI Technologies, Inc.	02.03.2009	13,9 MB
Avanquest update	Avanquest Software	04.02.2012	2,79 MB	1.30
Avira Free Antivirus	Avira	07.05.2012	99,6 MB	12.0.0.1125
AVM FRITZ!DSL	AVM Berlin	12.07.2010	11,2 MB	2.04.03
BatteryCare 0.9.8.10	Filipe Lourenço	13.06.2011	3,10 MB	0.9.8.10
Browser Mouse		22.06.2010	2,01 MB
Business Contact Manager für Outlook 2007 SP2	Microsoft Corporation	01.06.2010	31,4 MB	3.0.8619.1
Cda Product Service - shared component		10.03.2012
CHIPDRIVE Smartcard Commander	SCM Microsystems	13.10.2010	21,6 MB
Chipkartenleser		17.09.2010	2,97 MB
ClipMagic 3.2.3	MJT Net Ltd	02.09.2011	1,39 MB	4.1
DAEMON Tools Lite	DT Soft Ltd	15.10.2011	24,2 MB	4.41.3.0173
dradio-Recorder Version 3.02.5		03.04.2012	34,7 MB
DSL-Turbo	FRANZIS Verlag	07.10.2011	3,36 MB
ESU for Microsoft Vista	Hewlett-Packard	29.06.2007	3,78 MB	1.0.10.1
EVEREST Home Edition v2.20	Lavalys Inc	28.03.2012	6,58 MB	2.20
Feedback Tool	Microsoft Corporation	19.06.2011	2,28 MB	1.2.0
Flash Memory Toolkit trial 2.01	EFD Software	11.10.2011	3,30 MB
fortePivot	LG Soft India	11.08.2010	2,16 MB	3.04
Foxit Creator	Foxit Corporation	16.02.2011		3,1,0,1210
Foxit Reader	Foxit Corporation	12.07.2011	11,6 MB	4.3.1.323
Free Studio version 5.0.9	DVDVideoSoft Limited.	29.04.2011	173,0 MB
Gadwin PrintScreen	Gadwin Systems, Inc.	17.05.2011	3,50 MB	4.6
Google Earth Plug-in	Google	16.11.2011	40,9 MB	6.1.0.5001
GPL Ghostscript	Artifex Software Inc.	11.06.2011	31,1 MB	9.02
GSview 4.9		11.06.2011	3,23 MB
HD Tune 2.55	EFD Software	04.11.2010	1,27 MB
HP BIOS Configuration for ProtectTools	Hewlett-Packard	29.06.2007	2,56 MB	3.00 C1
HP Customer Experience Enhancements	Hewlett-Packard	29.06.2007		5.0.0.2258
HP Easy Setup - Core	Hewlett-Packard	29.06.2007	1,02 MB	5.0.0.2258
HP Easy Setup - Frontend	Hewlett-Packard	29.06.2007	1,44 MB	5.0.0.2258
HP Help and Support	Hewlett-Packard	29.06.2007	20,9 MB	1.0.0
HP Help and Support	HPQ	22.09.2010	0,35 MB	4.4.0002
HP Notebook Accessories Product Tour	Hewlett-Packard	29.06.2007	10,1 MB	13.0.0
HP ProtectTools Security Manager	Hewlett-Packard	29.06.2007	7,10 MB	3.00 A10
HP Quick Launch Buttons	Hewlett-Packard Company	03.11.2011	32,9 MB	6.50.14.1
HP SoftPaq Download Manager	Hewlett-Packard Company	30.06.2010	14,7 MB	3.0.5.0
HP Update	Hewlett-Packard	30.06.2010	2,97 MB	5.002.006.003
HP Wireless Assistant	Hewlett-Packard	29.06.2007	3,94 MB	3.00 F1
iMacros Version 7.5.1.1734	iOpus	04.11.2011	16,3 MB	7.5.1.1734
InterVideo DVD Check		02.03.2009	0,18 MB
InterVideo WinDVD	InterVideo Inc.	02.03.2009	46,1 MB	5.0-B11.1164
Java(TM) 6 Update 26	Oracle	12.07.2011	97,1 MB	6.0.260
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	29.06.2007	115,2 MB	1.6.0.0
Join Air	ZTE Corporation	23.12.2010	22,6 MB	1.0.0.2
LightScribe System Software 1.10.16.1	hxxp://www.lightscribe.com	29.07.2010	19,2 MB	1.10.16.1
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	27.11.2011	3,90 MB	1.51.2.1300
Microsoft .NET Framework 1.1		14.03.2009
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	29.06.2007	3,02 MB	1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	01.06.2010	37,0 MB
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	14.03.2009	37,0 MB
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3 MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5 MB	4.0.30319
Microsoft SQL Server 2005	Microsoft Corporation	03.06.2010	221 MB
Microsoft SQL Server Native Client	Microsoft Corporation	30.05.2011	2,63 MB	9.00.5000.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	30.05.2011	0,68 MB	9.00.5000.00
Microsoft Tool Web Package:Diruse.exe	Microsoft Corporation	31.08.2010	48,00 KB	1.0.0.1
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	01.06.2010	0,25 MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29 MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	07.06.2011	0,58 MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	30.05.2011	1,41 MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	12.07.2010	0,23 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	31.05.2010	0,58 MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58 MB	9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219	Microsoft Corporation	23.10.2011	11,1 MB	10.0.40219
Microsoft Windows Performance Toolkit	Microsoft Corporation	06.09.2010	19,7 MB	4.6.0
Mozilla Firefox 12.0 (x86 de)	Mozilla	14.05.2012	69,7 MB	12.0
Mozilla Maintenance Service	Mozilla	14.05.2012	0,21 MB	12.0
MSCU for Microsoft Vista	Hewlett-Packard	29.06.2007	72,9 MB	1.0.1.3
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.03.2009	1,28 MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	01.06.2010	1,34 MB	4.20.9876.0
Multimedia keyboard utility		22.06.2010	1,91 MB
MyDefrag v4.3.1	J.C. Kessels	23.06.2010	3,34 MB	4.0.0.0
Nero 8 Essentials	Nero AG	29.07.2010	1.632 MB	8.10.135
Nitro PDF Reader 2	Nitro PDF Software	13.09.2011	84,6 MB	2.0.0.29
Opera 10.51	Opera Software ASA	14.05.2012	28,2 MB	10.51
Orbit Downloader	www.orbitdownloader.com	13.05.2012	12,8 MB
Paragon Partition Manager™ 11 Free Edition	Paragon Software	26.06.2010	45,1 MB	90.00.0003
Paragon System Backup 2010 Kompakt	Paragon Software	02.12.2010	111,0 MB	90.00.0003
PDF Complete		02.03.2009	24,8 MB
PdfGrabber 6.0	PixelPlanet	28.09.2010	66,5 MB	6.0.0.0
PL-2303 USB-to-Serial		17.09.2010	1,02 MB
Riot - Radical Image Optimization Tool		10.10.2011	1,25 MB
Roxio Creator Audio	Roxio	29.06.2007	1,09 MB	3.3.0
Roxio Creator Basic v9	Roxio	29.06.2007	20,6 MB	3.3.0
Roxio Creator Copy	Roxio	29.06.2007	0,63 MB	3.3.0
Roxio Creator Data	Roxio	29.06.2007	0,96 MB	3.3.0
Roxio Creator Tools	Roxio	29.06.2007	0,34 MB	3.3.0
Roxio Express Labeler 3	Roxio	29.06.2007	16,3 MB	2.1.0
Roxio MyDVD Basic v9	Roxio	29.06.2007	297 MB	9.0.116
Sandboxie 3.54 (32-bit)		17.05.2011	3,14 MB
ScanWizard 5		01.07.2010	3,45 MB
SCR3xxx Smart Card Reader	SCM Microsystems	13.10.2010	3,06 MB	8.30
Security Task Manager 1.8d	Neuber Software	03.11.2011	2,75 MB	1.8d
SlickEdit 11.0.0		04.07.2010	120,5 MB
soft Xpansion Perfect PDF 7 Reader	soft Xpansion	29.04.2011	22,7 MB	7.0.9.6
SoundMAX	Analog Devices	29.06.2007	56,00 KB	6.10.1.5180
Spybot - Search & Destroy	Safer Networking Limited	14.05.2012	52,5 MB	1.6.2
SSH Secure Shell
20.06.2010 0,84 MB ST Wiederherstellungs- & Sicherungsprogramme Hewlett-Packard Company 29.06.2007 18.775 MB 4.0.14 Streamripper (Remove only) 01.03.2011 6,30 MB StreamTransport version: 1.0.2.2171 23.04.2012 5,36 MB SumatraPDF Krzysztof Kowalczyk 14.05.2012 8,52 MB 1.6 Synaptics Pointing Device Driver Synaptics Incorporated 03.11.2011 32,8 MB 15.0.24.0 Uninstall 1.0.0.1 29.04.2011 62,8 MB Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 30.05.2011 30,6 MB 9.00.5000.00 USIM Editor 1.0.25.0 24.09.2011 17,3 MB Vista Default Settings Hewlett-Packard 29.06.2007 0,27 MB 1.0.5.1 VLC media player 2.0.1 VideoLAN 03.04.2012 75,9 MB 2.0.1 Winamp Nullsoft, Inc 01.03.2011 39,4 MB 5.601 Winamp Erkennungs-Plug-in Nullsoft, Inc 01.03.2011 0,15 MB 1.0.0.1 Windows Installer Clean Up Microsoft Corporation 12.02.2011 0,30 MB 3.00.00.0000 WinFuture xp-Iso-Builder 3.0.7 Tobias Schiek 14.06.2010 3,69 MB Xvid MPEG-4 Video Codec Xvid Development Team 19.09.2011 HijackThis.log [code] HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:57:03, on 27.05.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\dradio-Recorder\phonostarTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe
C:\Program Files\FRITZ!DSL\FwebProt.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\WINDOWS\System32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\s\Documents\OTL.exe
C:\Users\s\Documents\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [DBHAgent] C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe
O4 - HKCU\..\Run: [dradio-Recorder] C:\Program Files\dradio-Recorder\phonostarStarter.exe
O4 - HKCU\..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2902011239-2132124238-3506956372-1006\..\Run: [] (User 's')
O4 - HKUS\S-1-5-18\..\Run: [FRITZ!protect] FwebProt.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [FRITZ!protect] FwebProt.exe (User 'Default user')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: AutoHotkey1.lnk = C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Blau.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Command Prompt.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Gelb.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Grün.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 Startup: Rot.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: AutoHotkey1.lnk = C:\Users\s\progs\AutoHotkey104805\AutoHotkey.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Blau.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Command Prompt.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Gelb.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Grün.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - S-1-5-21-2902011239-2132124238-3506956372-1006 User Startup: Rot.lnk = D:\Windows\System32\cmd.exe (User 's')
O4 - Startup: ClipMagic.lnk = C:\Program Files\ClipMagic3.2.3\clipmagic.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\a\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra 'Tools' menuitem: iMacros Web Automation - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: Paragon System Backup Dienst - Paragon Software Group - C:\Program Files\Paragon Software\System Backup 2010 Kompakt\program\dbhservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9408 bytes

That is a lot for you to read and check.

PS: Is it true that trojans / viruses can't do anything with portable programs, or that it isn't worthwhile for the Mafia & Co. because it is much easier to place sophisticated entries in the registry? I started in 1971 on a 360/44 (core memory expanded to 256 kB), went via the 360/165 with 2 MB up to the 390 (0.05-2 MIPS) with a fabulous address space of 16 MB. Back then I wrote an article on how to extend it: instead of BALR 15,14, use BASR ... but I have never had a BLUESCREEN (like Bill at the demonstration of his revolutionary XP in 2001). Three years earlier a US cruiser was unable to manoeuvre on the open sea for weeks because the revolutionary NT 3.51 crashed and nobody was able to enter any values to steer the ship. In any case the military was completely fed up with NT / XP. I believe they switched to Ada and a hardened UNIX (BSD?). Well, if things had gone like that during the Cuban Missile Crisis in 1962, I would no longer be alive and you would never have been born.... Many thanks again from Siggi30.

PS: There has to be some fun after so many dull pages of evidence against the Russian Mafia... Mafia hunter Giovanni Falcone sends his regards... 1992, 500 kg of TNT under the motorway near Palermo... so watch out...- |
27.05.2012, 20:06 | #4 |
/// Helper Team | Firefox reports an IP from Moscow instead of mine
When did you run RootRepeal? Could you please post the log?

1. Quote:
In my opinion it no longer offers adequate protection against "modern types of malware"...
► If you want to keep it anyway: please turn off the TeaTimer: in Spybot-S&D, go to Advanced Mode and select Tools -> Resident there. Deactivate "Resident TeaTimer active" here. (TeaTimer also tries to block positive changes.) It must stay deactivated permanently!

2. Quote:
Code:
:OTL
SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found
SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found
SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found
SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found
SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found
SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found
SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found
DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found
DRV - (a9ry7opk) -- File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=none&bd=smb&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =http={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012.05.27 02:28:31 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Update Java: via Control Panel -> Check for updates... or: download the offline version of Java ("Recommended version for 64 bit: Java(TM) 7 Update 4") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.

4. Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Changing the default search engine of the Explorer
-> How do I clear the cache in Internet Explorer?

5. Clean your system with CCleaner:

6. Runs on XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It is NOT advisable to start a second attempt! To get a deeper look into your system and track down a possible infection with a rootkit (info on wikipedia.org), we will use a tool, GMER:
** No connection to a network or the internet, and don't forget WLAN. When the scan is finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

7. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.

Another scan with OTL:
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
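Added example (it is not part of this thread, not OTL's own code and not something the helper posted): a small Python triage script for OTL fix-script lines of the form `SRV - (Name) -- path File not found`, like the SRV/DRV entries in the script above. It scores each entry on three signals a defender would look at first: the registered binary no longer exists, the binary lives in a Temp directory, and the service name looks machine-generated. The weights and the name heuristic are assumptions of this example, and the sample input mixes the lines from the thread with three constructed benign lines (MozillaMaintenance, IGDCTRL, atapi) to show that an all-caps name alone is not enough to flag anything.

```python
"""Triage OTL-style SRV/DRV lines for suspicious service registrations.

Added example for this thread; neither OTL's own code nor the helper's.
The scoring weights and the name heuristic are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Form used in OTL fix scripts:  SRV - (Name) -- C:\path\binary.exe File not found
LINE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]*)\) -- (?P<rest>.*)$")
MISSING = "File not found"
CONSONANT_RUN = re.compile(r"[BCDFGHJKLMNPQRSTVWXYZ]{3,}")
TEMP_DIR = re.compile(r"(^|\\)temp(\\|$)", re.IGNORECASE)


@dataclass
class Finding:
    kind: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)
    score: int = 0


def looks_random(name: str) -> bool:
    """Name heuristic (assumption): an all-caps consonant cluster such as
    ZLMM or NHLQNS, or a short lowercase letter/digit mix such as a9ry7opk.
    Legitimate all-caps names (IGDCTRL) also match, so this is only a hint."""
    if re.fullmatch(r"[A-Z]{4,}", name) and CONSONANT_RUN.search(name):
        return True
    return bool(re.fullmatch(r"[a-z0-9]{6,10}", name)
                and re.search(r"\d", name) and re.search(r"[a-z]", name))


def parse_line(line: str) -> Optional[Tuple[str, str, str, bool]]:
    """Return (kind, name, path, missing) or None for lines of another type."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith(MISSING)
    path = rest[:-len(MISSING)].strip() if missing else rest
    return m.group("kind"), m.group("name"), path, missing


def triage(lines: List[str]) -> List[Finding]:
    """Score every SRV/DRV line; return the ones with at least one reason,
    highest score first (sort is stable, so input order is kept per score)."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, name, path, missing = parsed
        f = Finding(kind, name, path)
        if missing:                    # registration points at nothing: stale entry or removed payload
            f.reasons.append("binary missing"); f.score += 1
        if TEMP_DIR.search(path):      # a service has no business living in a Temp directory
            f.reasons.append("binary in Temp directory"); f.score += 2
        if looks_random(name):         # weak signal on its own, only tips the balance
            f.reasons.append("random-looking name"); f.score += 1
        if f.score:
            findings.append(f)
    return sorted(findings, key=lambda x: x.score, reverse=True)


def suspicious(lines: List[str], threshold: int = 2) -> List[str]:
    """Names worth reviewing first: score at or above the threshold."""
    return [f.name for f in triage(lines) if f.score >= threshold]


# Sample input: the SRV/DRV lines from the OTL script in this thread plus
# three constructed benign lines (MozillaMaintenance, IGDCTRL, atapi).
SAMPLE_LINES = [
    r"SRV - (ZLMM) -- Z:\Temp\ZLMM.exe File not found",
    r"SRV - (VBPYZIXBOQ) -- Z:\Temp\VBPYZIXBOQ.exe File not found",
    r"SRV - (TOWPQ) -- Z:\Temp\TOWPQ.exe File not found",
    r"SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found",
    r"SRV - (RWSX) -- Z:\Temp\RWSX.exe File not found",
    r"SRV - (NHLQNS) -- Z:\Temp\NHLQNS.exe File not found",
    r"SRV - (MEXQD) -- Z:\Temp\MEXQD.exe File not found",
    r"SRV - (FOJDVGF) -- Z:\Temp\FOJDVGF.exe File not found",
    r"SRV - (EEYGQKZIUNYL) -- Z:\Temp\EEYGQKZIUNYL.exe File not found",
    r"DRV - (rootrepeal) -- C:\Windows\system32\drivers\rootrepeal.sys File not found",
    r"DRV - (a9ry7opk) -- File not found",
    r"SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe",
    r"SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE",
    r"DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.score} {f.kind} {f.name:18} {f.path or '-':60} {', '.join(f.reasons)}")
```

Run on the sample, the eight Z:\Temp services come out on top, the orphaned driver a9ry7opk next, and the three entries whose only issue is a missing binary or an all-caps name (SBSDWSCService, rootrepeal, IGDCTRL) stay below the review threshold. The script only ranks what to look at; whether an entry is removed is still the helper's call after the other logs are in.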
29.05.2012, 00:03 | #5 |
| Firefox reports an IP from Moscow instead of mine
1. Regarding RootRepeal and the like. AVIRA:
Code:
15.05.2012 20:53 [Planer] Auftrag gestartet
Auftrag "Vollständige Systemprüfung00" wurde erfolgreich gestartet.
16.05.2012 02:47 [System Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 3350
Anzahl Verzeichnisse: 0
Anzahl Malware: 0
Anzahl Warnungen: 0

Erstellungsdatum der Reportdatei: Mittwoch, 16. Mai 2012 01:00
...
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, G:, H:, Z:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 16. Mai 2012 01:00

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'H:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'Z:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:

After at least 1:37:20: objects scanned: 657410, files: 3350, 1 hidden object found. Unless aborted manually, the scan crashed without leaving a log.

RUNSCANNER:
Code:
Creation time : 20.05.2012 11:44:44
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows Vista (TM) Home Basic
OS Build : 6002
OS SP : Service Pack 2
RunScanner Version : 2.0.0.60
...
Missing files
-------------
008 FwebProt.exe
010 Z:\Temp\EEYGQKZIUNYL.exe
010 Z:\Temp\FOJDVGF.exe
010 Z:\Temp\MEXQD.exe
010 Z:\Temp\NHLQNS.exe
010 Z:\Temp\RWSX.exe
010 Z:\Temp\TOWPQ.exe
010 Z:\Temp\VBPYZIXBOQ.exe
010 Z:\Temp\ZLMM.exe
011 c:\windows\system32\drivers\blbdrive.sys
011 c:\windows\system32\DRIVERS\ewusbmdm.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
011 C:\Windows\system32\drivers\rootrepeal.sys
011 c:\windows\system32\DRIVERS\VBoxNetFlt.sys
011 c:\windows\system32\DRIVERS\vmnetadapter.sys
012 FwebProt.exe
032 rdpclip
067 wlnotify.dll

3. I have uninstalled all Java.
5. CCleaner has been run.
6. GMER log:
Code:
GMER Logfile:
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: ST9160821AS rev.3.BHE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8580B1E8]<<
1 ntkrnlpa!IofCallDriver[0x82085936] -> \Device\Harddisk0\DR0[0x85A83AC8]
3 CLASSPNP[0x8A5A78B3] -> ntkrnlpa!IofCallDriver[0x82085936] -> [0x85A8D610]
5 acpi[0x827266BC] -> ntkrnlpa!IofCallDriver[0x82085936] -> \Device\Ide\IdeDeviceP0T0L0-0[0x85A89580]
\Driver\atapi[0x84A8C5E0] -> IRP_MJ_CREATE -> 0x8580B1E8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8580b1e8
user & kernel MBR OK
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 62 !
Warning: possible MBR rootkit infection !

OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2012 00:18:04 - Run 6
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\s\Documents
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 38,97% Memory free
3,76 Gb Paging File | 1,80 Gb Available in Paging File | 47,71% Paging File free
Paging file location(s): c:\pagefile.sys 16 1024z:\pagefile.sys 900 920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,11 Gb Total Space | 10,27 Gb Free Space | 26,25% Space Free | Partition Type: NTFS
Drive D: | 7,59 Gb Total Space | 0,65 Gb Free Space | 8,52% Space Free | Partition Type: NTFS
Drive E: | 1,55 Gb Total Space | 1,31 Gb Free Space | 84,21% Space Free | Partition Type: NTFS
Drive G: | 61,52 Gb Total Space | 0,38 Gb Free Space | 0,61% Space Free | Partition Type: NTFS
Drive H: | 39,27 Gb Total Space | 3,42 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
Drive Z: | 1023,00 Mb Total Space | 75,66 Mb Free Space | 7,40% Space Free | Partition Type: FAT32

Computer Name: S-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B8751A4-5B31-4217-A3DA-7BE4F530A9EC}" = lport=5031 | protocol=17 | dir=in | name=fritz!fax |
"{4311E7C3-20E4-4D21-B23A-2BC9D49A56D8}" = lport=5031 | protocol=6 | dir=in | name=fritz!fax |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E8E8BA7-20F1-4AA9-961B-24716CE9F621}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{214945B1-DF4A-47BD-B46F-F1FD40CB38F2}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{258B8560-665F-4EB4-A713-1C0C12CE11E7}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{534E57DE-1227-4B3F-9945-6087CB58C8E1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{F18F10CF-29F6-4FAF-AB6C-16BD8206F2C3}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{FFFCA850-EB75-446B-96C5-9317C29270FA}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"TCP Query User{2346E1BB-EE88-497A-B00D-52C53E28D1F3}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{2510455A-6071-4D01-80B2-80B09865A36C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2885F1E1-D71B-43F6-ACA3-6AF1EC7BC491}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{37929E9C-9EBC-47E3-8A69-F4286C5C1F67}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{41857EBA-8200-45DA-BBD0-DC3911139C13}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{45B27707-F5EF-4EA1-AE6B-FEAF183AE302}C:\program files\streamtransport\streamtransport.exe" = protocol=6 | dir=in | app=c:\program files\streamtransport\streamtransport.exe |
"TCP Query User{6526EE2E-10AE-4B09-85B9-033ADF45AA83}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{8C0579C7-19FC-453C-A9FA-E42453FB2762}C:\users\s\progs\operator-3.5\operator\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\s\progs\operator-3.5\operator\opera\opera.exe |
"TCP Query User{937786F6-986C-4A69-A456-3432E70C0473}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe |
"TCP Query User{B39DC996-52D0-4506-B7BC-F82508273381}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B3DA92A7-E724-4DBA-B8C9-31222226B6C1}C:\users\s\appdata\local\programs\opera\opera.exe" = protocol=6 | dir=in | app=c:\users\s\appdata\local\programs\opera\opera.exe |
"TCP Query User{D43FB94E-CB63-47C6-A7D6-D7E3673C0D62}C:\program files\internet explorer\iexplore.exe" =
protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{E177F89D-6B7E-444D-AF45-C0656755EA69}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{0B83AD9A-A6C7-4054-9260-FA3A014B1B04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{523D9602-44B7-41F5-86CE-B2AA4F5BC93E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{54242905-AA7C-4398-B315-7AA5236EB552}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{5DE0D0A5-CBEC-48E9-A23B-E998143B77D1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{72E49E3F-9788-4522-865C-08B49E08D7AE}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | "UDP Query User{8B9E857B-13D6-4B17-9D73-27DAB6879DE0}C:\users\s\progs\operator-3.5\operator\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\s\progs\operator-3.5\operator\opera\opera.exe | "UDP Query User{93F5F0D9-1E96-466B-98FB-DF69627995F1}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | "UDP Query User{A3CCF800-8A38-4A40-A1CC-9B79165F54A0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{B63C3A3D-3CDF-477E-89FD-B496F34BCC6C}C:\program files\streamtransport\streamtransport.exe" = protocol=17 | dir=in | app=c:\program files\streamtransport\streamtransport.exe | "UDP Query User{CAC5ACF6-09C7-4E45-A5F4-D177C4975C51}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query 
User{CC4F21BF-D219-4990-8A35-336652B28D6A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E9C311BF-D0C9-4696-A6CB-F91D2DDC0B63}C:\users\s\appdata\local\programs\opera\opera.exe" = protocol=17 | dir=in | app=c:\users\s\appdata\local\programs\opera\opera.exe | "UDP Query User{EF5D3869-BFE4-4050-9B5B-EBD1C00E08E6}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{02C03AE0-E898-5C22-AFD4-877466FFBD98}" = CCC Help English "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{07FB18CF-3F76-43AC-0F02-B2DC201D27F4}" = Catalyst Control Center Localization Thai "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{15ADCB87-FB9D-BE4B-89EB-A5439DADACEB}" = CCC Help Japanese "{160FB2C2-37D9-C291-9B79-B660241AD747}" = Catalyst Control Center Localization Dutch "{19CA53A9-E256-6AF1-28FA-EE61A88886CA}" = Catalyst Control Center Localization Chinese Traditional "{1A239B49-FDA5-8BCF-05E9-15C69A8591F7}" = Catalyst Control Center Localization Swedish "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation 
"{1E1DFF42-2EE8-4852-A7AB-C5174321D68F}" = Paragon System Backup 2010 Kompakt "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{228FAF8F-3380-6579-E37D-8AE663A543EE}" = CCC Help Russian "{24190661-2122-40D1-9F7C-8FDEA5AE4197}" = Microsoft Windows Performance Toolkit "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{2692EC5B-A136-5340-C10C-4FA987FBA569}" = Catalyst Control Center Localization Spanish "{279F3807-2744-5B05-1CD5-612097502559}" = CCC Help Polish "{27A94385-A7BD-17DA-3827-E54A3B203E7C}" = CCC Help Chinese Traditional "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2B5BC746-6594-F319-D806-BA97C1B3D8E9}" = Catalyst Control Center Localization Japanese "{2C7B74E7-5F26-4568-BAD5-9A49837E9211}" = Linguatec Voice Reader Studio "{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager "{2E2499C1-D876-D3A5-5329-23719AF4EEA5}" = CCC Help French "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine für Tevion "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{3583F14B-42A8-C383-37B1-6186DD87BA46}" = Catalyst Control Center Localization Korean "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3B1815F1-A388-CBA9-439E-8D97D0A9C6FB}" = CCC Help Portuguese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST 
Wiederherstellungs- & Sicherungsprogramme "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish "{426C7CC1-5AC3-4758-A40C-6446F2CEA8C9}" = ccc-Branding "{4282CA13-4119-B9F9-A13D-F7E8C61978F9}" = CCC Help Turkish "{45F4941E-5E77-11DF-A71D-005056C00008}" = Paragon Partition Manager™ 11 Free Edition "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4BE43829-C099-4188-9700-67521E912184}_is1" = DSL-Turbo "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{523DF39E-DF7D-488F-8022-783946571031}" = Nero 8 Essentials "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese "{541847E5-E8C5-075B-9F2B-2FF2A3C971C1}" = Catalyst Control Center Localization Hungarian "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5B1E200F-327D-AA06-4990-8E1505DFC754}" = CCC Help Greek "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5E156316-7276-D0B6-D6CD-A356B897FAB3}" = CCC Help Hungarian "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian "{6276CABC-7E19-4945-9A9C-3549D965E687}" = CCC Help Danish "{6368D4AE-BFC1-4AAD-25AD-7EBA1CDEAFF0}" = CCC Help Thai "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light "{67D3B081-1389-D544-6889-3E3BA2691171}" = CCC Help Korean "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BA9955E-1F40-7E11-1488-228DAEFB0FD8}" = CCC Help Italian 
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista "{6E8C9958-A445-06B7-9180-F1C546E90B6B}" = Catalyst Control Center Localization Chinese Standard "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell "{75918444-A9D8-86F4-3644-08917713894F}" = CCC Help German "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese "{835CEF5E-4CAC-4904-AD80-52AD0D158BB7}" = SCR3xxx Smart Card Reader "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8B3CDDCA-0913-D8CE-F4E1-E0F8D0200B87}" = CCC Help Norwegian "{8CC5F040-44F2-4FB7-9720-47F53F96D180}" = MSCU for Microsoft Vista "{8D1AA5F7-CF6B-40F1-A783-2E19E384E1B0}" = Microsoft Tool Web Package:Diruse.exe "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C4AED81-8040-28D3-FCE3-E87DC2B948EC}" = Catalyst Control Center Localization German "{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros Version 7.5.1.1734 "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst 
Control Center InstallProxy "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German "{A1A34147-C621-1D90-3C27-D90CF2E1ADFA}" = CCC Help Czech "{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0 "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AA2F07A9-7EB5-4185-BAA9-A02F56F1396A}" = CCC Help Dutch "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B33E503B-8A82-E0EF-1ABE-06BF0489A6F9}" = CCC Help Swedish "{B37EF14D-E5EC-4743-B577-188B5B421C17}" = soft Xpansion Perfect PDF 7 Reader "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7A7937C-B0B5-1040-FC2E-EB05872EF72C}" = Catalyst Control Center Localization Turkish "{B7F2B452-4461-88FF-EFD0-8E888D1A4C2D}" = CCC Help Spanish "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend "{BC281B89-4AF1-D881-ABB3-853444E7C1D5}" = Catalyst Control Center Localization Greek "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C41A421C-59F6-8393-014A-F655460AD5F5}" = CCC Help Finnish "{C6271F2D-3D0A-439B-BD78-584E017C636E}" = Vista Default Settings "{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1" = BatteryCare 0.9.8.10 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D02B9787-3152-A4A0-43E9-AF5E62715D4E}" = Catalyst Control Center Localization Polish "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{DB11E77A-8184-C8D3-55DF-73F937EE2F3D}" = Catalyst Control Center Localization Norwegian "{DDDBC1AF-504A-3E17-4A74-E8C69D2C0D0E}" = Catalyst Control Center Localization Finnish "{DFE967A8-9C30-413C-B2D5-C0D576949553}" = ESU for Microsoft Vista "{E03D8FE4-70BF-26F8-DA3B-974E3A561308}" = CCC Help Chinese Standard "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E25074CB-A222-3A2D-0542-CC5BAD57ED76}" = Catalyst Control Center Localization Russian "{E25AA53F-6878-4C64-8130-EB8D678DF303}" = HP User Guides 0064 "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1 "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}" = fortePivot "{EF6CEC13-B014-8BD5-5E56-78E68494A167}" = Catalyst Control Center Localization Italian "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F4144B54-EA3B-72F5-D464-211A1D7BAB95}" = Catalyst Control Center Localization Portuguese "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client 
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F5ED909F-8571-4B03-B200-6087F32CD973}" = Nitro PDF Reader 2 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B5554B-5CDE-4D16-9ACF-00BFB1ACD668}" = HP BIOS Configuration for ProtectTools "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171 "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FAFC99FB-4361-7B69-AF2B-87A60406B60C}" = Catalyst Control Center Localization French "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7sDoc-lite 1.3.0_is1" = 7sDoc-lite 1.3.0 "ABBYY FineReader 5.0 Pro" = ABBYY FineReader 5.0 Pro "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "ASIO4ALL" = ASIO4ALL "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira Free Antivirus "Browser Mouse" = Browser Mouse "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.25.0 "CdaC13Ba" = Cda Product Service - shared component "CHIPDRIVE Smartcard Commander_CDInst21" = CHIPDRIVE Smartcard Commander "Chipkartenleser" = Chipkartenleser "ClipMagic_3.1" = ClipMagic 3.2.3 "DAEMON Tools Lite" = DAEMON Tools Lite "dradio-Recorder_is1" = dradio-Recorder Version 3.02.5 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Flash Memory Toolkit trial_is1" = Flash Memory Toolkit trial 2.01 "Foxit Creator" = Foxit Creator "Foxit PDF Editor" = Foxit PDF Editor "Foxit Reader" = Foxit Reader "Free Studio_is1" = Free Studio version 5.0.9 "Gadwin PrintScreen" = Gadwin PrintScreen "GPL Ghostscript 9.02" = GPL Ghostscript 
"GSview 4.9" = GSview 4.9 "HD Tune_is1" = HD Tune 2.55 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Multimedia keyboard utility" = Multimedia keyboard utility "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "Orbit_is1" = Orbit Downloader "PDF Complete" = PDF Complete "Riot" = Riot - Radical Image Optimization Tool "Sandboxie" = Sandboxie 3.54 (32-bit) "Security Task Manager" = Security Task Manager 1.8d "SlickEdit 11.0.0" = SlickEdit 11.0.0 "Streamripper" = Streamripper (Remove only) "SumatraPDF" = SumatraPDF "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7 "xvid" = Xvid MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! 
< End of report > [/code]
IP address: 188.93.20.179 Provider: Selectel Organisation: Selectel Network. Map shows Siberia.
fritz.box: An error has occurred: {"stack":"Error: ENOTFOUND, Domain name not found\n at IOWatcher.callback (dns.js:74:15)","message":"ENOTFOUND, Domain name not found
Starting in safe mode (no extensions) also changes nothing. Firefox closed. But: Firefox with a different profile finds fritz.box and wieistmeineip is correct. |
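The symptom described above (one Firefox profile reports a foreign exit IP and cannot resolve fritz.box, while a fresh profile behaves normally) is what a per-profile proxy setting produces, so a defender's first check is that profile's prefs.js. The parser below is an added example, not code from this thread; the prefs.js contents are constructed, and the proxy preference names (network.proxy.type and friends) are the real Firefox ones.

```python
"""Inspect a Firefox profile's prefs.js for proxy settings (added example).
The sample prefs.js text below is constructed; 192.0.2.10 is a documentation address."""
import re

# user_pref("name", value);  where value is an int, true/false or a quoted string
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type in Firefox
PROXY_TYPES = {0: "none", 1: "manual", 2: "pac", 4: "wpad", 5: "system"}

SAMPLE_PREFS = '''# Mozilla User Preferences (constructed sample of a tampered profile)
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "192.0.2.10");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
'''

CLEAN_PREFS = 'user_pref("browser.startup.homepage", "about:home");\n'


def parse_prefs(text: str) -> dict:
    """Return {pref name: typed value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref()
        name, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def proxy_findings(prefs: dict):
    """Classify the proxy mode and list every configured proxy endpoint.

    Returns (mode, findings). Firefox's default for network.proxy.type is 5
    (use system settings), so a missing pref means the profile was not touched.
    """
    ptype = prefs.get("network.proxy.type", 5)
    mode = PROXY_TYPES.get(ptype, f"unknown({ptype})")
    findings = []
    if ptype == 1:
        for scheme in ("http", "ssl", "socks"):
            host = prefs.get(f"network.proxy.{scheme}")
            if host:
                port = prefs.get(f"network.proxy.{scheme}_port", "?")
                findings.append(f"manual {scheme} proxy {host}:{port}")
    elif ptype == 2:
        findings.append(f"PAC script {prefs.get('network.proxy.autoconfig_url', '?')}")
    return mode, findings


if __name__ == "__main__":
    for label, text in (("tampered", SAMPLE_PREFS), ("clean", CLEAN_PREFS)):
        mode, findings = proxy_findings(parse_prefs(text))
        print(f"{label}: proxy mode={mode} findings={findings}")
```

On a real system, point parse_prefs at the prefs.js of each profile under the Firefox profiles directory and compare the results; a PAC URL or manual proxy that the user never set explains a browser-only IP change without any rootkit.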
29.05.2012, 09:55 | #6 |
/// Helper Team | Firefox reports an IP from Moscow instead of mine Presumably the malicious MBR rootkit has lodged itself in the MBR... The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can in principle control the operating system. Do you have a Vista CD?
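Because the MBR is loaded before the operating system, the defender's check is to read the first sector and compare its boot-code region against a known-good baseline, which is what the script below does. It is an added example, not code from this thread: the MBR bytes it works on are constructed, and on a live Windows system the sector would be read from \\.\PhysicalDrive0 with administrator rights.

```python
"""Parse a 512-byte MBR and hash its boot-code region for baseline comparison
(added example; the sample MBR built below is constructed)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_END = 0x1BE   # bootstrap code occupies bytes 0..0x1BD
TABLE_OFFSET = 0x1BE    # four 16-byte partition entries follow
SIGNATURE_OFFSET = 0x1FE  # 0x55AA marks a valid boot sector


def parse_mbr(sector: bytes) -> dict:
    """Return the SHA-256 of the boot code and the decoded partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}


def mbr_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code differs from the recorded baseline hash."""
    return parse_mbr(sector)["boot_code_sha256"] != baseline_sha256


def read_mbr(device_path: str) -> bytes:
    """Read the first sector of a raw device, e.g. r'\\\\.\\PhysicalDrive0' on Windows."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed MBR: given boot code, one bootable NTFS (0x07) partition at LBA 2048."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00",
                        2048, 204800)
    table = entry + b"\x00" * 48  # remaining three slots empty
    return code + table + b"\x55\xAA"


if __name__ == "__main__":
    good = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")        # baseline taken when clean
    baseline = parse_mbr(good)["boot_code_sha256"]
    tampered = build_sample_mbr(b"\xeb\x3c\x90")             # boot code replaced
    print("partitions:", parse_mbr(good)["partitions"])
    print("tampered sector changed:", mbr_changed(tampered, baseline))
```

A baseline is only meaningful if it was recorded before the suspected infection, and a bootkit can hide the real sector from a user-mode read on the running system, so take the comparison read from boot media (which is why the helper asks for the Vista CD).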