JS/Blacole.GB.158 Infektion
Hallo Board,
ich benötige bitte Hilfe bei der Bereinigung einer JS/Blacole.GB.158 Infektion. Die Infektion besteht vermutlich seit dem 14.06. durch Besuch eines gehackten Forums. Der Admin hat darauf hingewiesen, dass das Forum gehackt wurde und Besucher möglicherweise mit Blacole infiziert sein könnten.
Ein Scan mit Avira verlief positiv; der TR/Offend im LazyNewbPack ist ein false positive.
JS/Blacole wurde in Quarantäne verschoben, TR/Offend ignoriert.
Hier das Avira logfile: Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 15. Juni 2013 00:44
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : Kolja
Computername : KEN
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 08.05.2013 04:32:09
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 04.03.2013 16:10:07
LUKE.DLL : 13.6.0.1262 65080 Bytes 08.05.2013 04:32:37
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 08.05.2013 04:32:09
AVREG.DLL : 13.6.0.1262 247864 Bytes 08.05.2013 04:32:07
avlode.dll : 13.6.2.1262 432184 Bytes 08.05.2013 04:32:06
avlode.rdf : 13.0.1.12 25921 Bytes 17.05.2013 21:16:46
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 18:21:29
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:54:46
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 14:52:52
VBASE003.VDF : 7.11.80.61 2048 Bytes 28.05.2013 14:52:53
VBASE004.VDF : 7.11.80.62 2048 Bytes 28.05.2013 14:52:53
VBASE005.VDF : 7.11.80.63 2048 Bytes 28.05.2013 14:52:53
VBASE006.VDF : 7.11.80.64 2048 Bytes 28.05.2013 14:52:53
VBASE007.VDF : 7.11.80.65 2048 Bytes 28.05.2013 14:52:53
VBASE008.VDF : 7.11.80.66 2048 Bytes 28.05.2013 14:52:53
VBASE009.VDF : 7.11.80.67 2048 Bytes 28.05.2013 14:52:53
VBASE010.VDF : 7.11.80.68 2048 Bytes 28.05.2013 14:52:53
VBASE011.VDF : 7.11.80.69 2048 Bytes 28.05.2013 14:52:53
VBASE012.VDF : 7.11.80.70 2048 Bytes 28.05.2013 14:52:53
VBASE013.VDF : 7.11.80.71 2048 Bytes 28.05.2013 14:52:53
VBASE014.VDF : 7.11.81.57 145408 Bytes 29.05.2013 10:24:11
VBASE015.VDF : 7.11.81.137 130048 Bytes 30.05.2013 19:06:15
VBASE016.VDF : 7.11.81.255 207360 Bytes 31.05.2013 05:25:03
VBASE017.VDF : 7.11.82.91 156160 Bytes 03.06.2013 05:09:26
VBASE018.VDF : 7.11.82.169 220160 Bytes 04.06.2013 11:09:24
VBASE019.VDF : 7.11.83.27 325632 Bytes 06.06.2013 04:30:08
VBASE020.VDF : 7.11.83.121 320512 Bytes 07.06.2013 04:30:09
VBASE021.VDF : 7.11.83.210 244736 Bytes 10.06.2013 22:35:41
VBASE022.VDF : 7.11.84.59 333824 Bytes 12.06.2013 13:04:08
VBASE023.VDF : 7.11.84.163 264192 Bytes 14.06.2013 12:51:49
VBASE024.VDF : 7.11.84.164 2048 Bytes 14.06.2013 12:51:49
VBASE025.VDF : 7.11.84.165 2048 Bytes 14.06.2013 12:51:49
VBASE026.VDF : 7.11.84.166 2048 Bytes 14.06.2013 12:51:49
VBASE027.VDF : 7.11.84.167 2048 Bytes 14.06.2013 12:51:49
VBASE028.VDF : 7.11.84.168 2048 Bytes 14.06.2013 12:51:49
VBASE029.VDF : 7.11.84.169 2048 Bytes 14.06.2013 12:51:49
VBASE030.VDF : 7.11.84.170 2048 Bytes 14.06.2013 12:51:49
VBASE031.VDF : 7.11.84.208 112128 Bytes 14.06.2013 22:38:00
Engineversion : 8.2.12.60
AEVDF.DLL : 8.1.3.4 102774 Bytes 13.06.2013 14:10:36
AESCRIPT.DLL : 8.1.4.122 487806 Bytes 13.06.2013 14:10:36
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 20:12:44
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 19:24:02
AERDL.DLL : 8.2.0.128 688504 Bytes 13.06.2013 14:10:36
AEPACK.DLL : 8.3.2.16 754041 Bytes 11.06.2013 22:35:44
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 15:43:23
AEHEUR.DLL : 8.1.4.412 5955962 Bytes 13.06.2013 14:10:35
AEHELP.DLL : 8.1.27.2 266617 Bytes 04.06.2013 22:02:04
AEGEN.DLL : 8.1.7.4 442741 Bytes 08.05.2013 13:22:56
AEEXP.DLL : 8.4.0.34 201079 Bytes 04.06.2013 22:02:14
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:06:20
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 16:48:26
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 13:59:53
AVWINLL.DLL : 13.6.0.480 26480 Bytes 04.03.2013 16:09:19
AVPREF.DLL : 13.6.0.480 51056 Bytes 04.03.2013 16:10:06
AVREP.DLL : 13.6.0.480 178544 Bytes 04.03.2013 16:11:32
AVARKT.DLL : 13.6.0.1262 258104 Bytes 08.05.2013 04:31:58
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 08.05.2013 04:32:03
SQLITE3.DLL : 3.7.0.1 397704 Bytes 04.03.2013 16:11:04
AVSMTP.DLL : 13.6.0.480 62832 Bytes 04.03.2013 16:10:10
NETNT.DLL : 13.6.0.480 16240 Bytes 04.03.2013 16:10:50
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 04.03.2013 16:09:21
RCTEXT.DLL : 13.6.0.976 69344 Bytes 27.03.2013 15:19:21
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: -PHISH,
Beginn des Suchlaufs: Samstag, 15. Juni 2013 00:44
Der Suchlauf über die Masterbootsektoren wird begonnen:
Der Suchlauf über die Bootsektoren wird begonnen:
Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'Last.fm Scrobbler.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'HidFind.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'PCMService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'OpWareSE4.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ForceField.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '6017' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <OS>
[0] Archivtyp: Runtime Packed
--> C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[1] Archivtyp: ZIP
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/B-Advanced/Quickfort/Quickfort 2.00/qfconvert.exe
[2] Archivtyp: RSRC
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfattachtest.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6835015
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfautodump.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6834930
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfcleanmap.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6741778
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfflows.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6739421
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dflair.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6877699
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfposition.exe
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/Offend.691503
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dftubefill.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6739549
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfunreveal.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6959315.1
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfvdig.exe
[FUND] Ist das Trojanische Pferd TR/Agent.25088.133
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> LazyNewbPack[0.31.25][V9.2]/LNP/Utilities/C-Hacks/DFhack 0.5.15/dfweather.exe
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
Beginne mit der Suche in 'D:\' <RECOVERY>
Beginne mit der Desinfektion:
C:\Users\Kolja\AppData\Local\Mozilla\Firefox\Profiles\v8p38qw0.default\Cache\8\F4\6C76Bd01
[FUND] Enthält Erkennungsmuster des Java-Scriptvirus JS/Blacole.GB.158
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54653d65.qua' verschoben!
C:\LazyNewbPack[0.31.25][V9.2].zip.vir
[FUND] Ist das Trojanische Pferd TR/Offend.6744850
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Sonntag, 16. Juni 2013 12:24
Benötigte Zeit: 35:23:48 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
51224 Verzeichnisse wurden überprüft
1383424 Dateien wurden geprüft
12 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1383412 Dateien ohne Befall
15048 Archive wurden durchsucht
11 Warnungen
2 Hinweise
1002689 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden
Ich habe defogger ausgeführt, hier ist das logfile Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:29 on 16/06/2013 (Kolja)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Außerdem habe ich die Ergebnisse von OTL, OTL.txt: Code:
OTL logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.08 06:32:04 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 17:19:31 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2010.07.16 17:32:34 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- c:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008.05.04 11:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.05.04 11:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008.05.04 11:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.05.04 11:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007.12.21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007.12.10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007.11.12 13:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe
PRC - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.03.21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.03.12 19:10:36 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.13 17:57:03 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.10 19:35:43 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\403900299d88edc5153065e5aed726e7\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 07:52:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.03 14:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
========== Services (SafeList) ==========
SRV - [2013.06.12 00:51:42 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.19 00:06:37 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.27 17:19:53 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 17:19:27 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.08.22 14:01:18 | 004,412,872 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011.11.03 16:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.08.07 14:32:11 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.02.20 14:48:43 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.09.01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2008.11.03 21:31:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008.11.03 21:04:01 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008.05.02 15:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.12 13:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.11.12 13:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.06.28 15:05:40 | 000,131,072 | ---- | M] (Dell) [Auto | Running] -- C:\Program Files\Dell\MFP_DELL\deMntrService.exe -- (deMntrService)
SRV - [2007.03.21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013.03.27 17:20:00 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 17:20:00 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 17:20:00 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 18:11:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.09.24 17:44:06 | 000,145,408 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\System32\drivers\ui11drdr.SYS -- (ui11drdr)
DRV - [2012.08.07 13:50:58 | 000,365,056 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012.06.15 11:39:24 | 000,289,152 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2012.04.18 22:04:40 | 000,017,408 | ---- | M] (MARX Datentechnik GmbH ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CBN.SYS -- (CBN)
DRV - [2011.11.03 16:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.08.25 13:58:48 | 000,046,720 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2011.08.10 16:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2011.05.07 18:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010.11.18 02:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010.07.25 19:47:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2008.06.23 14:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008.05.04 11:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.03.06 09:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.02.29 13:51:30 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.11.12 13:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.09.06 18:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.09.06 18:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.09.06 18:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.06 07:59:24 | 000,017,536 | ---- | M] (Olivetti-Engineering SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\desrvusb.sys -- (DESVUSB)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2081104
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=P9tCKqVvIH1B83UwTjy22RAjeXk?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://partnerpage.google.com/dell.com/de_de?hl=de&client=dell-row&channel=de&ibd=2081104"
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.05.19 22:36:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009.06.09 00:04:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.19 00:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.19 00:06:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 20:41:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008.11.17 11:15:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Extensions
[2009.09.22 20:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (CS Lite) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{00084897-021a-4361-8423-083407a033e0}
[2009.09.22 20:13:42 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2009.09.22 20:13:45 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (SafeCache) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{670a77c5-010e-4476-a8ce-d09171318839}
[2009.09.22 20:22:04 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008.12.28 19:57:25 | 000,000,000 | ---D | M] (Temporary Inbox) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{ac1e10b8-206d-4746-a18e-0483852dc20b}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.12.28 19:57:24 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2009.09.22 20:13:44 | 000,000,000 | ---D | M] (DT Whois) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\beysim@beysim.net
[2009.09.22 20:13:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\elemhidehelper@adblockplus.org
[2008.12.28 19:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\toolbar_extras@de.yahoo.com
[2013.06.16 08:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions
[2013.02.09 11:55:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.31 12:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 11:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Firefox\Profiles\v8p38qw0.default\extensions\nostmp
[2009.10.15 10:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions
[2009.06.09 10:37:02 | 000,000,000 | ---D | M] (MinimizeToTray [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009.07.09 23:00:50 | 000,000,000 | ---D | M] (Update Notifier [de]) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009.06.17 10:21:25 | 000,000,000 | ---D | M] (Minimize To Tray Enhancer) -- C:\Users\Kolja\AppData\Roaming\mozilla\Sunbird\Profiles\2l39cm7p.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.06.12 15:03:04 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.05.27 14:13:54 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.16 08:40:42 | 000,868,738 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2013.05.09 20:46:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.24 15:44:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009.05.21 14:43:50 | 000,000,931 | ---- | M] () -- C:\Users\Kolja\AppData\Roaming\mozilla\firefox\profiles\v8p38qw0.default\searchplugins\dictionary.xml
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.05.19 00:06:20 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.05.19 00:06:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD66A9BC-A675-4792-BF15-AD0D3DE488A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B132EC71-7A1A-4CAE-97C1-5ECE0779137E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kolja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.07 06:18:40 | 000,000,000 | ---D | M] - C:\AutoCAD 2006 -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell - "" = AutoRun
O33 - MountPoints2\{6c819991-1396-11e1-bbac-00219be5c505}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{eec6e07a-57fb-11de-8a23-00219be5c505}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.16 12:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:25:12 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Blacole Scan
[2013.06.14 18:47:28 | 000,000,000 | ---D | C] -- C:\Users\Kolja\Desktop\Lexware Unterlagen
[2013.06.12 18:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Fend Reloaded
[2013.06.12 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Kolja\D-Fend Reloaded
[2013.06.12 18:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2013.06.12 17:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenwood Entertainment
[2013.06.12 17:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Der Planer 1
[2013.05.27 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.05.19 00:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.16 12:41:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kolja\Desktop\OTL.exe
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.16 12:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.16 12:32:52 | 3208,716,288 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.16 12:30:02 | 000,000,020 | ---- | M] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:30 | 000,050,477 | ---- | M] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.16 11:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.16 09:01:52 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.06.14 18:40:57 | 000,131,790 | ---- | M] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:48:49 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.08 23:57:14 | 000,304,160 | ---- | M] () -- C:\PA7302.DAT
[2013.06.01 21:07:48 | 000,006,156 | ---- | M] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | M] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.24 21:32:41 | 000,644,298 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.24 21:32:41 | 000,609,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.24 21:32:41 | 000,134,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.24 21:32:41 | 000,110,290 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.20 22:37:47 | 009,274,969 | ---- | M] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.05.17 23:08:56 | 000,384,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.16 12:29:37 | 000,000,020 | ---- | C] () -- C:\Users\Kolja\defogger_reenable
[2013.06.16 12:28:29 | 000,050,477 | ---- | C] () -- C:\Users\Kolja\Desktop\Defogger.exe
[2013.06.14 18:40:57 | 000,131,790 | ---- | C] () -- C:\Users\Kolja\Desktop\login_seite.jpg
[2013.06.12 17:46:05 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Der Planer 1.lnk
[2013.06.01 21:07:48 | 000,006,156 | ---- | C] () -- C:\Users\Kolja\Desktop\C -Dokumente und Einstellungen-Mipo-Desktop-MIPOKOKO-Liege-1.pdf
[2013.05.27 20:41:59 | 000,384,187 | ---- | C] () -- C:\Users\Kolja\Desktop\RG Gutschein gemindert0001.pdf
[2013.05.20 22:37:28 | 009,274,969 | ---- | C] () -- C:\Users\Kolja\Desktop\pka.pdf
[2013.01.07 21:58:30 | 000,000,218 | ---- | C] () -- C:\Users\Kolja\.recently-used.xbel
[2012.09.11 23:03:00 | 000,005,870 | ---- | C] () -- C:\Users\Kolja\AppData\Local\recently-used.xbel
[2012.05.01 21:49:26 | 000,164,193 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.05.01 21:48:51 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.04.18 22:06:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[2012.04.18 22:03:11 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2012.04.18 22:03:11 | 000,116,736 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2012.04.18 22:03:11 | 000,068,096 | ---- | C] () -- C:\Windows\System32\lfplt11n.dll
[2012.04.17 21:52:31 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.03.05 12:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\winscp.rnd
[2011.08.29 20:43:55 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.29 20:43:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.20 14:52:54 | 000,000,093 | ---- | C] () -- C:\Users\Kolja\AppData\Local\fusioncache.dat
[2011.01.18 20:10:22 | 000,000,428 | ---- | C] () -- C:\Users\Kolja\cademia.ini
[2010.10.23 14:47:45 | 000,011,247 | ---- | C] () -- C:\Users\Kolja\gsview32.ini
[2010.08.31 15:49:51 | 000,000,106 | ---- | C] () -- C:\Users\Kolja\.bouml
[2010.08.31 15:48:19 | 000,000,150 | ---- | C] () -- C:\Users\Kolja\.boumlrc
[2009.05.15 11:30:23 | 000,010,599 | ---- | C] () -- C:\Users\Kolja\_elster_2048.pfx
[2009.01.28 10:28:39 | 000,000,600 | ---- | C] () -- C:\Users\Kolja\AppData\Local\PUTTY.RND
[2008.12.30 22:21:13 | 000,000,796 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\wklnhst.dat
[2008.12.28 20:05:13 | 000,403,052 | ---- | C] () -- C:\Users\Kolja\jap.conf
[2008.12.21 17:04:40 | 000,006,648 | ---- | C] () -- C:\Users\Kolja\AppData\Local\d3d9caps.dat
[2008.11.17 15:09:30 | 000,024,064 | ---- | C] () -- C:\Users\Kolja\AppData\Roaming\UserTile.png
[2008.11.17 12:22:07 | 000,120,832 | ---- | C] () -- C:\Users\Kolja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.03.28 15:44:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\1&1
[2012.05.05 22:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Audacity
[2011.07.02 18:21:07 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Autodesk
[2011.11.13 14:12:42 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\CheckPoint
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools
[2009.06.02 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Lite
[2008.12.21 17:07:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DAEMON Tools Pro
[2010.02.22 19:02:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DeepBurner
[2011.02.15 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\DVDVideoSoft
[2011.05.19 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\elsterformular
[2009.10.05 15:42:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FLV Extract
[2013.06.14 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\foobar2000
[2011.08.29 20:43:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FreePDF
[2010.03.03 10:37:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\FVZilla
[2013.03.02 12:08:02 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\GrooveWalrus
[2012.09.03 20:54:52 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\gtk-2.0
[2012.09.12 21:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\inkscape
[2009.06.22 18:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\IrfanView
[2009.09.22 19:55:53 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\JonDo
[2009.03.16 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\KhomsanPh
[2009.08.10 17:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Miranda
[2012.03.30 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Notepad++
[2008.11.17 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\OpenOffice.org
[2010.12.12 15:23:46 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PCDr
[2008.11.17 15:09:29 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\PeerNetworking
[2009.03.28 10:05:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\rockbox.org
[2011.11.20 20:16:27 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony
[2011.11.20 20:23:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Sony Setup
[2010.05.12 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Subversion
[2008.12.30 22:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Template
[2012.03.08 18:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Thunderbird
[2010.04.30 15:11:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Transcend
[2010.10.14 10:52:41 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UDP Software
[2012.10.28 22:02:44 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\UFOAI
[2009.08.01 18:39:06 | 000,000,000 | ---D | M] -- C:\Users\Kolja\AppData\Roaming\Uniblue
========== Purity Check ==========
< End of report >
und Extras.txt Code:
OTL Extras logfile created on: 16.06.2013 12:44:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kolja\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,87% Memory free
6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,28 Gb Total Space | 54,16 Gb Free Space | 24,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,24 Gb Free Space | 42,35% Space Free | Partition Type: NTFS
Computer Name: KEN | User Name: Kolja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Free Video Zilla\FVZilla.exe" = C:\Program Files\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B6390C5-449B-4DD2-A2A7-48ABFE775754}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{433A9AAF-D2F3-4F07-9377-8D9F88C05A79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47AE5147-4EDD-4F65-A44F-F690627E92D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FF52260-FB37-47B2-8CA1-16F4FFD1AC7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{746D91EB-8DD7-4FEC-90DF-A7D963094B62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE31AF05-77F5-41AF-B044-D1D83EED9FCC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BDEC205E-BB07-4B32-A0AB-F8A43F03585C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C522C89D-EAA6-4704-A4A7-25990CBFD485}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D81A31E1-A993-4F79-8845-D5795CFB567E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028FB875-F191-4192-B58D-DF0A310C51D9}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{04AE63A1-FC37-42CF-AED8-0D89648D4AFE}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{04EA802C-59BD-481A-9C3D-44B44DA885A2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe |
"{0652E0AE-ED6E-4511-880A-341C65FEAA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A57E27F-D7E4-41EF-989B-7AE67087B4CF}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{1F0FCBB9-5EA7-4418-BC23-F6496AAC5373}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{2DDD7258-A32A-4BE4-BD68-795B188C8C70}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\mmm\counter-strike\hl.exe |
"{33F0EE8E-1F98-40D2-A3AA-B4DD36A31B51}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{44978D35-09A9-4263-8664-3EE351914D00}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{453885A0-C26C-4900-B855-C246197D7128}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{49ED0CC6-F097-4A67-8451-679CA5058E52}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{4B65D8F8-9ABF-4F7A-9484-723B9C94F379}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5649739A-BA89-4572-AAB1-8069DCDA123F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B3D1C26-1A80-4BC6-9EB2-D41780544A51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D6DA21D-6975-41E1-89BD-66ACB4CEFEB5}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{61FE656C-AE1D-404B-9199-225A60028DC9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{66C07633-7367-4766-9B0D-5CE2ECBAA410}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{6760E8DB-19DC-43A5-A6C9-27E1CA322D84}" = protocol=6 | dir=out | app=system |
"{685B5C88-4202-4A40-947B-A4EC76CEE3EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72E90EA2-89AF-4BEB-A376-115AA76FE20C}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{78C7DDCD-117B-4CFE-9B19-07CCFC66518F}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{79CC6DF5-0C6A-4CBA-B747-9162E33F6D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83B97AE6-0827-487F-BB8A-1F956CB5B78A}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{898F8F8A-E91D-4FD0-B8EE-E0E0EBB076E6}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{8B78EB47-E046-49E0-BEDF-0795AE587A0E}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{A310EF3A-77DF-40F9-9F26-6B749DC3C9E8}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{A6DA462C-EFBC-4B94-AF23-DF72A584A61E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B0ED171B-C7C9-4050-8D11-740C9393A958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1B47416-9FF1-4748-BCFC-0D8E746B312C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C263726D-4FD9-460B-B0FC-91F2554ADC05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CFD817DE-D573-4FFF-B684-9504A3F11CCF}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{D52445DF-4696-46DA-A64B-DA669C0191AC}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D8C00789-E408-4081-829A-18132B811926}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF3217AF-0B2A-4466-B9B5-087FA13CD4F1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0701F89-1B9F-4402-8365-5D2A0CF59354}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E166DC6A-567C-41E2-9E8F-B11F04182F78}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{E585ABB1-D157-4BB5-A07C-D639280FF8A8}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{EF06733F-D57A-43A5-BA15-3A721EF01D4D}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{FC785247-E88C-4585-9627-F7A0D793375E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{429A3810-A1D7-40E7-ACFE-A76ADAAB65C5}C:\program files\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwmain.exe |
"TCP Query User{C0543E5A-05D3-4B3D-9A85-3E39401953ED}C:\program files\nwn\nwserver.exe" = protocol=6 | dir=in | app=c:\program files\nwn\nwserver.exe |
"UDP Query User{123871A1-14DA-4839-8ECE-3D84AAD15A2E}C:\program files\nwn\nwserver.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwserver.exe |
"UDP Query User{BA858A72-564D-4B7A-B5F2-764DC328612D}C:\program files\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\program files\nwn\nwmain.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00762C8C-31A8-4892-9960-587872CAE77C}" = Dell All-In-One Center
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13702021-43FB-480C-912F-D9B74A538288}" = OpenProj
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = Sentinel Runtime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{500ECB5F-B2E8-4A46-80FF-FFFDB7AFC103}" = ScanSoft OmniPage SE 4
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D6C26B9-D9E7-4E77-A4DE-0C2B242E85FA}" = ZoneAlarm Firewall
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6A23CD7D-7A85-4D3E-8CF9-006F98A60B9F}" = SEMA Holzbausoftware V12.1 (de)
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75B9B1F8-0F07-11D6-A801-0050FC209733}" = Capitalism II
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9cc89170-000b-457d-91f1-53691f85b223}" = Python 2.6.1
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A3C76924-B911-4766-A1FD-367D13277CB3}_is1" = GrooveWalrus 0.382
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC VGA Camer@ Plus
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BEC98AB1-991D-4A2D-9FDD-10F3DEBAF568}" = Dell Photo AIO 928
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4BC01F3-B7E6-49FA-8FBE-6B62FDF9CED0}" = ZoneAlarm Security
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC610A5F-4957-4CA3-8825-D91D5D492086}" = ActivePerl 5.12.2 Build 1202
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.231
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Office-Drive Manager" = 1&1 Office-Drive Manager
"7-Zip" = 7-Zip 4.64
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Support Center" = Dell Support Center
"Der Planer 1" = Der Planer 1
"D-Fend Reloaded" = D-Fend Reloaded 1.3.3 (deinstallieren)
"dm Fotowelt" = dm Fotowelt
"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade
"foobar2000" = foobar2000 v1.2.3
"Free FLV to AVI MP4 3GP WMV MP3 Converter_is1" = Free FLV to AVI MP4 3GP WMV MP3 Converter v2.2
"Free Video Zilla_is1" = Free Video Zilla
"FreePDF_XP" = FreePDF (Remove only)
"GIMP-2_is1" = GIMP 2.8.2
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GSview 4.9" = GSview 4.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"Hydrogen" = Hydrogen
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.8.3
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"musikCube" = musikCube 1.0
"Notepad++" = Notepad++
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"PokerStars" = PokerStars
"PuTTY_is1" = PuTTY version 0.62
"R for Windows 2.11.1_is1" = R for Windows 2.11.1
"Recuva" = Recuva
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RuckZuck 4.0" = RuckZuck 4.0
"Secunia PSI" = Secunia PSI
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.4 for Windows
"Steam App 10" = Counter-Strike
"SystemRequirementsLab" = System Requirements Lab
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VLC media player" = VLC media player 2.0.2
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.1
"winscp3_is1" = WinSCP 4.3.7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Free" = ZoneAlarm Free
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0cb53dcd03c12ddd" = Blitzableiter
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.06.2013 11:47:47 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x033900a5, Prozess-ID 0xa40, Anwendungsstartzeit
01ce67842fa0b363.
Error - 12.06.2013 11:48:04 | Computer Name = Ken | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung cmd.exe, Version 6.0.6001.18000, Zeitstempel
0x47918bde, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x033600a5, Prozess-ID 0x8d8, Anwendungsstartzeit
01ce678439ade1c3.
Error - 13.06.2013 04:05:38 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
Error - 13.06.2013 04:18:09 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 13.06.2013 04:18:11 | Computer Name = Ken | Source = Perflib | ID = 1008
Description =
Error - 14.06.2013 02:47:20 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
Error - 15.06.2013 03:00:05 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 15.06.2013 03:00:07 | Computer Name = Ken | Source = Perflib | ID = 1008
Description =
Error - 16.06.2013 03:00:06 | Computer Name = Ken | Source = Perflib | ID = 1010
Description =
Error - 16.06.2013 06:34:37 | Computer Name = Ken | Source = WinMgmt | ID = 10
Description =
[ Broadcom Wireless LAN Events ]
Error - 08.06.2009 08:36:56 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 14:36:56, Mon, Jun 08, 09 Error - User "" does not have administrative
privileges on this system
Error - 21.06.2009 09:38:22 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = 15:38:21, Sun, Jun 21, 09 Error - Unable to gain access to user store
Error - 05.11.2012 15:56:05 | Computer Name = Ken | Source = WLAN-Tray | ID = 0
Description = Error - Error in creating key container - -2146893809 (Broadcom Wireless
Adapter Manager Container)
[ System Events ]
Error - 12.06.2013 10:45:01 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 12.06.2013 10:50:36 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 12.06.2013 15:14:40 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 13.06.2013 04:05:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 13.06.2013 12:57:57 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 14.06.2013 02:47:21 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
Error - 14.06.2013 13:41:29 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 15.06.2013 09:06:37 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 16.06.2013 06:19:30 | Computer Name = Ken | Source = bowser | ID = 8003
Description =
Error - 16.06.2013 06:34:39 | Computer Name = Ken | Source = Service Control Manager | ID = 7000
Description =
< End of report >
gmer.exe hat bei mir mehrmals nicht funktioniert mit dem Hinweis "gmer.exe funktioniert nicht mehr" von Windows. Nachdem ich versehentlich zwei Versuche ohne zwischenzeitlichen Reboot gestartet hatte, ist das ganze System mit Bluescreen abgestürzt.
Der Absturz kam jeweils während des laufenden Scans. Virenscanner war aus, Netzwerkkabel abgezogen.
Vielen Dank schonmal im Voraus für eure Hilfe.
:) |
TDSSKiller.exe und speichere diese Datei auf dem Desktop
AdwCleaner auf deinen Desktop.
WARNUNG an die MITLESER: