
Pests of all kinds and how to fight them: JS/Blacole.GB.158 infection


 
16.06.2013, 14:49   #1
Forelli

JS/Blacole.GB.158 infection



Hello board,

I need help cleaning up a JS/Blacole.GB.158 infection, please. The infection has presumably existed since 14.06., caused by visiting a hacked forum. The admin pointed out that the forum had been hacked and that visitors might be infected with Blacole.

A scan with Avira came back positive; the TR/Offend in LazyNewbPack is a false positive.
JS/Blacole was moved to quarantine, TR/Offend was ignored.
Here is the Avira log file:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 15. Juni 2013  00:44


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Kolja
Computername   : KEN

Versionsinformationen:
BUILD.DAT      : 13.0.0.3640          Bytes  18.04.2013 13:29:00
AVSCAN.EXE     : 13.6.0.1262   636984 Bytes  08.05.2013 04:32:09
AVSCANRC.DLL   : 13.4.0.360     64800 Bytes  04.03.2013 16:10:07
LUKE.DLL       : 13.6.0.1262    65080 Bytes  08.05.2013 04:32:37
AVSCPLR.DLL    : 13.6.0.1262    92216 Bytes  08.05.2013 04:32:09
AVREG.DLL      : 13.6.0.1262   247864 Bytes  08.05.2013 04:32:07
avlode.dll     : 13.6.2.1262   432184 Bytes  08.05.2013 04:32:06
avlode.rdf     : 13.0.1.12      25921 Bytes  17.05.2013 21:16:46
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 18:21:29
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 14:54:46
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 14:52:52
VBASE003.VDF   : 7.11.80.61      2048 Bytes  28.05.2013 14:52:53
VBASE004.VDF   : 7.11.80.62      2048 Bytes  28.05.2013 14:52:53
VBASE005.VDF   : 7.11.80.63      2048 Bytes  28.05.2013 14:52:53
VBASE006.VDF   : 7.11.80.64      2048 Bytes  28.05.2013 14:52:53
VBASE007.VDF   : 7.11.80.65      2048 Bytes  28.05.2013 14:52:53
VBASE008.VDF   : 7.11.80.66      2048 Bytes  28.05.2013 14:52:53
VBASE009.VDF   : 7.11.80.67      2048 Bytes  28.05.2013 14:52:53
VBASE010.VDF   : 7.11.80.68      2048 Bytes  28.05.2013 14:52:53
VBASE011.VDF   : 7.11.80.69      2048 Bytes  28.05.2013 14:52:53
VBASE012.VDF   : 7.11.80.70      2048 Bytes  28.05.2013 14:52:53
VBASE013.VDF   : 7.11.80.71      2048 Bytes  28.05.2013 14:52:53
VBASE014.VDF   : 7.11.81.57    145408 Bytes  29.05.2013 10:24:11
VBASE015.VDF   : 7.11.81.137   130048 Bytes  30.05.2013 19:06:15
VBASE016.VDF   : 7.11.81.255   207360 Bytes  31.05.2013 05:25:03
VBASE017.VDF   : 7.11.82.91    156160 Bytes  03.06.2013 05:09:26
VBASE018.VDF   : 7.11.82.169   220160 Bytes  04.06.2013 11:09:24
VBASE019.VDF   : 7.11.83.27    325632 Bytes  06.06.2013 04:30:08
VBASE020.VDF   : 7.11.83.121   320512 Bytes  07.06.2013 04:30:09
VBASE021.VDF   : 7.11.83.210   244736 Bytes  10.06.2013 22:35:41
VBASE022.VDF   : 7.11.84.59    333824 Bytes  12.06.2013 13:04:08
VBASE023.VDF   : 7.11.84.163   264192 Bytes  14.06.2013 12:51:49
VBASE024.VDF   : 7.11.84.164     2048 Bytes  14.06.2013 12:51:49
VBASE025.VDF   : 7.11.84.165     2048 Bytes  14.06.2013 12:51:49
VBASE026.VDF   : 7.11.84.166     2048 Bytes  14.06.2013 12:51:49
VBASE027.VDF   : 7.11.84.167     2048 Bytes  14.06.2013 12:51:49
VBASE028.VDF   : 7.11.84.168     2048 Bytes  14.06.2013 12:51:49
VBASE029.VDF   : 7.11.84.169     2048 Bytes  14.06.2013 12:51:49
VBASE030.VDF   : 7.11.84.170     2048 Bytes  14.06.2013 12:51:49
VBASE031.VDF   : 7.11.84.208   112128 Bytes  14.06.2013 22:38:00
Engineversion  : 8.2.12.60 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  13.06.2013 14:10:36
AESCRIPT.DLL   : 8.1.4.122     487806 Bytes  13.06.2013 14:10:36
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 20:12:44
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 19:24:02
AERDL.DLL      : 8.2.0.128     688504 Bytes  13.06.2013 14:10:36
AEPACK.DLL     : 8.3.2.16      754041 Bytes  11.06.2013 22:35:44
AEOFFICE.DLL   : 8.1.2.56      205180 Bytes  08.03.2013 15:43:23
AEHEUR.DLL     : 8.1.4.412    5955962 Bytes  13.06.2013 14:10:35
AEHELP.DLL     : 8.1.27.2      266617 Bytes  04.06.2013 22:02:04
AEGEN.DLL      : 8.1.7.4       442741 Bytes  08.05.2013 13:22:56
AEEXP.DLL      : 8.4.0.34      201079 Bytes  04.06.2013 22:02:14
AEEMU.DLL      : 8.1.3.2       393587 Bytes  10.07.2012 19:06:20
AECORE.DLL     : 8.1.31.2      201080 Bytes  19.02.2013 16:48:26
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 13:59:53
AVWINLL.DLL    : 13.6.0.480     26480 Bytes  04.03.2013 16:09:19
AVPREF.DLL     : 13.6.0.480     51056 Bytes  04.03.2013 16:10:06
AVREP.DLL      : 13.6.0.480    178544 Bytes  04.03.2013 16:11:32
AVARKT.DLL     : 13.6.0.1262   258104 Bytes  08.05.2013 04:31:58
AVEVTLOG.DLL   : 13.6.0.1262   164920 Bytes  08.05.2013 04:32:03
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  04.03.2013 16:11:04
AVSMTP.DLL     : 13.6.0.480     62832 Bytes  04.03.2013 16:10:10
NETNT.DLL      : 13.6.0.480     16240 Bytes  04.03.2013 16:10:50
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  04.03.2013 16:09:21
RCTEXT.DLL     : 13.6.0.976     69344 Bytes  27.03.2013 15:19:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: -PHISH,

Beginn des Suchlaufs: Samstag, 15. Juni 2013  00:44

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'Last.fm Scrobbler.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCMService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForceField.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '6017' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
    [0] Archivtyp: Runtime Packed
    --> C:\LazyNewbPack[0.31.25][V9.2].zip.vir
        [1] Archivtyp: ZIP
      --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/B-Advanced/Quickfort/Quickfort 2.00/qfconvert.exe
          [2] Archivtyp: RSRC
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfattachtest.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6835015
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfautodump.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6834930
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfcleanmap.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6741778
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfflows.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6739421
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dflair.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6877699
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfposition.exe
            [FUND]      Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Offend.691503
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dftubefill.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6739549
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfunreveal.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6959315.1
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfvdig.exe
            [FUND]      Ist das Trojanische Pferd TR/Agent.25088.133
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
        --> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfweather.exe
            [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
            [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
  [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54653d65.qua' verschoben!
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
  [FUND]      Ist das Trojanische Pferd TR/Offend.6744850
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Sonntag, 16. Juni 2013  12:24
Benötigte Zeit: 35:23:48 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  51224 Verzeichnisse wurden überprüft
 1383424 Dateien wurden geprüft
     12 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1383412 Dateien ohne Befall
  15048 Archive wurden durchsucht
     11 Warnungen
      2 Hinweise
 1002689 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         
I ran defogger; here is the log file:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 16/06/2013 (Kolja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
I also have the results from OTL, OTL.txt:
Code:
OTL logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
 
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.12 00:51:42 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.08.07 14:32:11 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr)
DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2081104
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=P9tCKqVvIH1B83UwTjy22RAjeXk?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.05.19 22:36:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.06.09 00:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions
[2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com
[2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions
[2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp
[2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions
[2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe]  File not found
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell - "" = AutoRun
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{eec6e07a-57fb-11de-8a23-00219be5c505}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan
[2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen
[2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded
[2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment
[2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1
[2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.19 00:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 12:32:52 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.16 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 09:01:52 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT
[2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.24 21:32:41 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.24 21:32:41 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.24 21:32:41 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.24 21:32:41 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.05.17 23:08:56 | 000,384,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.01.07 21:58:30 | 000,000,218 | ---- | C] () -- C:\Users\Kolja\.recently-used.xbel
[2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel
[2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd
[2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat
[2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini
[2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini
[2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml
[2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc
[2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx
[2009.01.28 10:28:39 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Local\PUTTY.RND
[2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat
[2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf
[2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat
[2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png
[2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.28 15:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\1&1
[2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity
[2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk
[2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools
[2009.06.02 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro
[2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner
[2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft
[2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular
[2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract
[2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000
[2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF
[2010.03.03 10:37:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla
[2013.03.02 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus
[2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0
[2012.09.12 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape
[2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView
[2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo
[2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh
[2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda
[2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++
[2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org
[2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr
[2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking
[2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org
[2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony
[2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup
[2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion
[2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template
[2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird
[2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend
[2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software
[2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI
[2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 

< End of report >
         
and Extras.txt
Code:
OTL Extras logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
 
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B6390C5-449B-4DD2-A2A7-48ABFE775754}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{433A9AAF-D2F3-4F07-9377-8D9F88C05A79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47AE5147-4EDD-4F65-A44F-F690627E92D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FF52260-FB37-47B2-8CA1-16F4FFD1AC7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{746D91EB-8DD7-4FEC-90DF-A7D963094B62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE31AF05-77F5-41AF-B044-D1D83EED9FCC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BDEC205E-BB07-4B32-A0AB-F8A43F03585C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C522C89D-EAA6-4704-A4A7-25990CBFD485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D81A31E1-A993-4F79-8845-D5795CFB567E}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028FB875-F191-4192-B58D-DF0A310C51D9}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{04AE63A1-FC37-42CF-AED8-0D89648D4AFE}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{04EA802C-59BD-481A-9C3D-44B44DA885A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe | 
"{0652E0AE-ED6E-4511-880A-341C65FEAA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A57E27F-D7E4-41EF-989B-7AE67087B4CF}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{1F0FCBB9-5EA7-4418-BC23-F6496AAC5373}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{2DDD7258-A32A-4BE4-BD68-795B188C8C70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe | 
"{33F0EE8E-1F98-40D2-A3AA-B4DD36A31B51}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{44978D35-09A9-4263-8664-3EE351914D00}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{453885A0-C26C-4900-B855-C246197D7128}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{49ED0CC6-F097-4A67-8451-679CA5058E52}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{4B65D8F8-9ABF-4F7A-9484-723B9C94F379}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5649739A-BA89-4572-AAB1-8069DCDA123F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B3D1C26-1A80-4BC6-9EB2-D41780544A51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5D6DA21D-6975-41E1-89BD-66ACB4CEFEB5}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{61FE656C-AE1D-404B-9199-225A60028DC9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{66C07633-7367-4766-9B0D-5CE2ECBAA410}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{6760E8DB-19DC-43A5-A6C9-27E1CA322D84}" = protocol=6 | dir=out | app=system | 
"{685B5C88-4202-4A40-947B-A4EC76CEE3EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72E90EA2-89AF-4BEB-A376-115AA76FE20C}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{78C7DDCD-117B-4CFE-9B19-07CCFC66518F}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{79CC6DF5-0C6A-4CBA-B747-9162E33F6D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{83B97AE6-0827-487F-BB8A-1F956CB5B78A}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{898F8F8A-E91D-4FD0-B8EE-E0E0EBB076E6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{8B78EB47-E046-49E0-BEDF-0795AE587A0E}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | 
"{A310EF3A-77DF-40F9-9F26-6B749DC3C9E8}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{A6DA462C-EFBC-4B94-AF23-DF72A584A61E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{B0ED171B-C7C9-4050-8D11-740C9393A958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1B47416-9FF1-4748-BCFC-0D8E746B312C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C263726D-4FD9-460B-B0FC-91F2554ADC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CFD817DE-D573-4FFF-B684-9504A3F11CCF}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{D52445DF-4696-46DA-A64B-DA669C0191AC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D8C00789-E408-4081-829A-18132B811926}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF3217AF-0B2A-4466-B9B5-087FA13CD4F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E0701F89-1B9F-4402-8365-5D2A0CF59354}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E166DC6A-567C-41E2-9E8F-B11F04182F78}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{E585ABB1-D157-4BB5-A07C-D639280FF8A8}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{EF06733F-D57A-43A5-BA15-3A721EF01D4D}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{FC785247-E88C-4585-9627-F7A0D793375E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{429A3810-A1D7-40E7-ACFE-A76ADAAB65C5}C:\program files\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwmain.exe | 
"TCP Query User{C0543E5A-05D3-4B3D-9A85-3E39401953ED}C:\program files\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwserver.exe | 
"UDP Query User{123871A1-14DA-4839-8ECE-3D84AAD15A2E}C:\program files\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwserver.exe | 
"UDP Query User{BA858A72-564D-4B7A-B5F2-764DC328612D}C:\program files\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwmain.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A23CD7D-7A85-4D3E-8CF9-006F98A60B9F}" = SEMA Holzbausoftware V12.1 (de)
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75B9B1F8-0F07-11D6-A801-0050FC209733}" = Capitalism II
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A3C76924-B911-4766-A1FD-367D13277CB3}_is1" = GrooveWalrus 0.382
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC610A5F-4957-4CA3-8825-D91D5D492086}" = ActivePerl 5.12.2 Build 1202
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Support Center" = Dell Support Center
"Der Planer 1" = Der Planer 1
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"dm Fotowelt" = dm Fotowelt
"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade
"foobar2000" = foobar2000 v1.2.3
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Video Zilla_is1" = Free Video Zilla
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Hydrogen" = Hydrogen
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.8.3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"musikCube" = musikCube 1.0
"Notepad++" = Notepad++
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"PokerStars" = PokerStars
"PuTTY_is1" = PuTTY version 0.62
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RuckZuck 4.0" = RuckZuck 4.0
"Secunia PSI" = Secunia PSI
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Steam App 10" = Counter-Strike
"SystemRequirementsLab" = System Requirements Lab
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.2
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.3.7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cb53dcd03c12ddd" = Blitzableiter
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2013 11:47:47 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x033900a5,  Prozess-ID 0xa40, Anwendungsstartzeit
 01ce67842fa0b363.
 
Error - 12.06.2013 11:48:04 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x033600a5,  Prozess-ID 0x8d8, Anwendungsstartzeit
 01ce678439ade1c3.
 
Error - 13.06.2013 04:05:38 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.06.2013 04:18:09 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 13.06.2013 04:18:11 | Computer Name = Ken | Source = Perflib | ID = 1008
Description = 
 
Error - 14.06.2013 02:47:20 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2013 03:00:05 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 15.06.2013 03:00:07 | Computer Name = Ken | Source = Perflib | ID = 1008
Description = 
 
Error - 16.06.2013 03:00:06 | Computer Name = Ken | Source = Perflib | ID = 1010
Description = 
 
Error - 16.06.2013 06:34:37 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 08.06.2009 08:36:56 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 14:36:56, Mon, Jun 08, 09 Error - User "" does not have administrative
 privileges on this system 
 
Error - 21.06.2009 09:38:22 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 15:38:21, Sun, Jun 21, 09 Error - Unable to gain access to user store

 
Error - 05.11.2012 15:56:05 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
 Adapter Manager Container) 
 
[ System Events ]
Error - 12.06.2013 10:45:01 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.06.2013 10:50:36 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 12.06.2013 15:14:40 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 13.06.2013 04:05:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.06.2013 12:57:57 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 14.06.2013 02:47:21 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 14.06.2013 13:41:29 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 15.06.2013 09:06:37 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 16.06.2013 06:19:30 | Computer Name = Ken | Source = bowser | ID = 8003
Description = 
 
Error - 16.06.2013 06:34:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
gmer.exe failed several times on my machine, with Windows reporting "gmer.exe funktioniert nicht mehr" ("gmer.exe has stopped working"). After I accidentally started two attempts without rebooting in between, the whole system crashed with a bluescreen.
Each crash happened while the scan was running. The virus scanner was off and the network cable was unplugged.

Thanks in advance for your help.
:)

 
