Up to now I have always been able to help friends and acquaintances, but with this GVU ransomware with "webcam" I have reached my limit. Since this is my first post, I hope I have respected the checklist; if not, please be lenient :-)
Code:
OTL logfile created on: 19.08.2012 02:35:07 - Run 1
OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 78,15% Memory free
4,23 Gb Paging File | 3,98 Gb Available in Paging File | 94,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,96 Gb Total Space | 34,17 Gb Free Space | 24,95% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,98 Gb Free Space | 59,77% Space Free | Partition Type: NTFS
Drive E: | 249,39 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 963,70 Mb Total Space | 212,45 Mb Free Space | 22,05% Space Free | Partition Type: FAT
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
========== Win32 Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (DeviceMonitorService) -- C:\Programme\Motorola Media Link\NServiceEntry.exe (Nero AG)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (DSBrokerService) -- C:\Programme\DellSupport\brkrsvc.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (az7kj7ha) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (CbFs) -- C:\Windows\System32\drivers\cbfs.sys (EldoS Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (Partizan) -- C:\Windows\System32\drivers\Partizan.sys (Greatis Software)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (VF0470Vid) -- C:\Windows\System32\drivers\V0470Vid.sys (Creative Technology Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BTCAMDRV) -- C:\Windows\System32\drivers\BTCamDrv.sys (Windows (R) 2000 DDK provider)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv) -- C:\Programme\DellSupport\Drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (ZSMC211) -- C:\Windows\System32\drivers\ZS211.sys (ZSMC Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\tbElf_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = Zbani
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKLM\..\SearchScopes\zbani: "URL" = hxxp://home.zbani.com/en/get/{searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 E4 31 53 90 72 CA 01 [binary data]
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\URLSearchHook: {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\tbElf_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\SearchScopes,DefaultScope = Zbani
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\SearchScopes\{946633B6-634A-4517-B9CF-97747F32D185}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\SearchScopes\zbani: "URL" = hxxp://home.zbani.com/en/get/{searchTerms}
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/?ar=3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2010.9.0.6
FF - prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.7.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.15 11:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Seekmo@Seekmo.com: C:\Program Files\Seekmo\bin\11.0.96.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.01.21 20:11:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 10:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.09 15:05:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.15 18:42:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.21 21:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.01.21 20:11:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\***\AppData\Roaming\Move Networks [2011.01.31 08:56:35 | 000,000,000 | ---D | M]
[2011.01.21 21:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.21 21:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.18 18:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nq9gmdj9.default\extensions
[2010.05.03 13:54:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nq9gmdj9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.15 15:55:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nq9gmdj9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.05.23 20:15:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nq9gmdj9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.18 18:00:36 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nq9gmdj9.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
[2011.10.27 00:05:56 | 000,000,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nq9gmdj9.default\searchplugins\conduit.xml
[2009.03.11 19:59:40 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\nq9gmdj9.default\searchplugins\live-search.xml
[2012.08.09 15:05:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.03.30 22:34:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.08.09 15:42:52 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\14001.012
[2012.08.09 15:05:01 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.02 14:07:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.08.09 15:04:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.09 15:04:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.09 15:04:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.09 15:04:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.09 15:04:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.09 15:04:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\***\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\tbElf_.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll̀ File not found
O3 - HKLM\..\Toolbar: (Elf 1.15 Toolbar) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - C:\Programme\Elf_1.15\tbElf_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1007699697-1921650499-201570165-1000\..\Toolbar\WebBrowser: (Elf 1.15 Toolbar) - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - C:\Programme\Elf_1.15\tbElf_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Windows\system32\V0470Ext.ax] C:\Windows\System32\V0470Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [V0470Mon.exe] C:\Windows\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1007699697-1921650499-201570165-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-1007699697-1921650499-201570165-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DFF8A2C-B388-4719-B285-6F00AF30DE2A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE1B9AAF-FB3B-464E-9094-58F7C6BE9EB6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.01.13 00:03:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{008664ad-2790-11e0-8da2-bfbc14ee1da6}\Shell - "" = AutoRun
O33 - MountPoints2\{008664ad-2790-11e0-8da2-bfbc14ee1da6}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{30147354-e45c-11e1-a0d4-e72d53ca6ff9}\Shell - "" = AutoRun
O33 - MountPoints2\{30147354-e45c-11e1-a0d4-e72d53ca6ff9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e203d549-da55-11dd-ae1f-f8920cac28ff}\Shell\0pen\command - "" = G:\Secret.exe
O33 - MountPoints2\{e203d549-da55-11dd-ae1f-f8920cac28ff}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\Secret.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.19 02:29:30 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.10 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Unity
[2012.08.10 13:28:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.013
[2012.08.10 12:37:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6EEB7BA8-45DF-42AA-A0E3-D1614657E262}
[2012.08.10 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{FA15C21D-7AF3-4325-9D16-C21F5F1D824F}
[2012.08.09 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\14001.012
[2012.08.09 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.09 15:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.08.09 13:42:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10001.075
[2012.08.07 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10001.074
[2012.08.07 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10001.073
[2012.08.07 10:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.07 10:12:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.07 10:09:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\APN
[2012.08.04 14:22:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.08.04 14:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.08.04 14:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.08.04 14:15:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.08.04 14:15:05 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.08.04 14:15:05 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.08.04 14:15:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.08.04 14:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.04 14:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.08.04 13:59:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.02 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\10001.072
[2012.08.02 17:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2012.08.02 17:01:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2009.07.07 11:20:37 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\***\AppData\Roaming\pcouffin.sys
[1 C:\Users\***\***\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.19 02:32:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.19 02:29:36 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.19 01:53:35 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.19 01:53:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 01:49:17 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2012.08.19 01:47:34 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.19 01:46:06 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 01:46:06 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 18:26:26 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.08.15 17:59:20 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.15 16:57:51 | 000,001,738 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.15 15:40:38 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Word 2007.lnk
[2012.08.15 11:53:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.15 11:53:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.14 18:53:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.14 12:00:52 | 000,061,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.14 12:00:52 | 000,015,184 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.14 12:00:52 | 000,013,514 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.14 12:00:52 | 000,007,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 13:02:44 | 000,000,951 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.08.10 13:28:18 | 000,203,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe187.dll
[2012.08.10 13:28:18 | 000,006,400 | ---- | M] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe187.dll
[2012.08.10 13:23:12 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.08.09 16:22:11 | 000,092,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.09 14:24:01 | 000,000,037 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.08.07 10:40:00 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.04 14:19:43 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.15 16:57:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.15 16:57:51 | 000,001,738 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.12 13:02:44 | 000,000,951 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.08.10 13:28:18 | 000,203,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe187.dll
[2012.08.10 13:28:18 | 000,006,400 | ---- | C] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe187.dll
[2012.08.09 13:27:59 | 000,000,037 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.08.04 14:19:43 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.08.04 14:15:36 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.08.02 17:01:57 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.09.02 10:47:38 | 000,130,044 | ---- | C] () -- C:\Users\***\ESt2010_***.elfo
[2011.06.28 13:46:54 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{A1CBA88E-DBAA-4FE3-8CF0-58A58C6F1E57}
[2011.06.01 15:49:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1CA23901-01C9-4B6B-81A5-01D47DE8D23A}
[2011.03.11 19:26:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.03.11 19:25:22 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.03.11 19:23:26 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.03.11 19:23:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.01.19 10:17:13 | 000,001,940 | ---- | C] () -- C:\Users\***\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009.07.07 11:20:37 | 000,087,608 | ---- | C] () -- C:\Users\***\AppData\Roaming\inst.exe
[2009.07.07 11:20:37 | 000,007,887 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.cat
[2009.07.07 11:20:37 | 000,001,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\pcouffin.inf
[2009.01.01 22:43:43 | 000,253,052 | ---- | C] () -- C:\Users\***\AppData\Local\esswqey_nav.dat
[2009.01.01 22:43:13 | 000,003,227 | ---- | C] () -- C:\Users\***\AppData\Local\esswqey.dat
[2009.01.01 22:43:13 | 000,000,328 | ---- | C] () -- C:\Users\***\AppData\Local\esswqey_navps.dat
[2009.01.01 22:43:12 | 000,000,096 | ---- | C] () -- C:\Users\***\AppData\Local\esswqey.bat
[2008.01.08 22:15:00 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.11.21 15:53:34 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.04.15 17:54:51 | 000,055,228 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdb.bin
[2007.04.07 18:32:12 | 014,130,068 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2007.02.23 16:20:25 | 000,000,212 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2007.02.22 20:54:10 | 000,092,672 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2012.08.02 17:02:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10001.072
[2012.08.07 12:28:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10001.073
[2012.08.07 13:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10001.074
[2012.08.09 13:42:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10001.075
[2012.08.09 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.012
[2012.08.10 13:28:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\14001.013
[2012.08.05 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.11.01 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2009.01.11 13:08:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DiskAid
[2011.11.10 12:34:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.08.19 13:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCall
[2011.05.08 19:23:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2008.01.05 19:23:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GoodSync
[2012.08.02 17:01:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.06.26 07:49:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2012.06.03 13:07:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\motorola
[2008.08.09 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\muvee Technologies
[2011.10.29 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NCH Swift Sound
[2010.04.18 14:04:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.04.18 14:04:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2011.12.15 11:07:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.04.18 14:02:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.10.17 21:26:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PoivY
[2007.02.23 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2009.12.13 20:02:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thinstall
[2011.01.21 21:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.14 18:49:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tific
[2007.12.15 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.08.10 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.08.10 15:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2008.09.25 14:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipBuster
[2007.05.21 14:33:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipCheapCom
[2012.07.31 13:23:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipGain
[2007.03.09 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoipStunt
[2009.07.07 11:21:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vso
[2011.09.04 10:20:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2012.08.10 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.08.08 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZumoDrive
[2009.03.14 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2009.03.14 19:38:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.08.19 01:49:17 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2012.08.14 18:53:09 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.01.31 19:37:55 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9AF9864E-20F0-4FF5-A55E-9D83729C511E}.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012.03.17 17:28:25 | 000,000,495 | ---- | M] ()(C:\Users\***\Desktop\???? ??????.lnk) -- C:\Users\***\Desktop\سورة البقرة.lnk
[2012.03.17 17:25:49 | 000,000,495 | ---- | C] ()(C:\Users\***\Desktop\???? ??????.lnk) -- C:\Users\***\Desktop\سورة البقرة.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\SightSpeed Recordings:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Notes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My Skype Wallpapers:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My Skype Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My Skype Content:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Eigene Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:ECE4A64B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6B364EF3
< End of report >