Trojaner-Board


Beatle65 19.11.2011 12:37

[duplicate] Trojan infection by TR/Spy.Banker.Gen2 - Trojan
 
Hello everyone,
this morning my virus scanner reported a Trojan infection.

TR/Spy.Banker.Gen2

I have already browsed various forums and am now asking for help here to get rid of this thing.

Many thanks in advance for your efforts.

Regards, Beatle

OTL Logfile:
Code:

OTL logfile created on: 11/19/2011 11:26:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Bernd\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.85 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.48% Memory free
7.71 Gb Paging File | 5.69 Gb Available in Paging File | 73.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 167.21 Gb Free Space | 72.39% Space Free | Partition Type: NTFS
Drive D: | 345.07 Gb Total Space | 312.97 Gb Free Space | 90.70% Space Free | Partition Type: NTFS
 
Computer Name: BERND-PC | User Name: Bernd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/11/19 11:19:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Downloads\OTL.exe
PRC - [2011/09/29 08:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/09/29 08:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/09/08 14:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/28 19:24:05 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011/06/28 19:24:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/30 09:35:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 17:41:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/07/30 09:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/19 23:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/19 23:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/07/14 02:14:42 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\TSTheme.exe
PRC - [2009/06/03 12:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 15:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/19 09:40:15 | 001,215,440 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\5043\components\AcroFF043.dll
MOD - [2011/11/18 18:41:18 | 001,211,344 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\5042\components\AcroFF042.dll
MOD - [2011/10/18 16:26:06 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll
MOD - [2011/10/18 16:25:00 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll
MOD - [2011/10/18 16:24:54 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll
MOD - [2011/10/12 22:08:32 | 018,019,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll
MOD - [2011/10/12 22:08:21 | 011,470,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll
MOD - [2011/10/12 22:08:21 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll
MOD - [2011/10/12 22:08:18 | 013,138,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll
MOD - [2011/10/12 22:08:14 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll
MOD - [2011/10/12 22:08:12 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll
MOD - [2011/10/12 22:08:09 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll
MOD - [2011/10/12 22:08:08 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\100121f0f4e55a3e85a886f4968dedfc\System.Configuration.ni.dll
MOD - [2011/10/12 22:08:07 | 001,652,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll
MOD - [2011/10/12 22:08:06 | 009,086,976 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll
MOD - [2011/10/12 22:08:00 | 014,409,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll
MOD - [2011/10/07 20:29:59 | 000,115,137 | ---- | M] () -- C:\Users\Bernd\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011/09/29 08:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/08/28 22:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/06/03 12:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 12:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/27 15:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/10/20 19:47:12 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/07/07 19:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/16 15:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/06/28 19:24:06 | 000,428,200 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/06/28 19:24:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 09:35:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/18 18:06:54 | 000,204,883 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SAMSUNG\Samsung Networking Wizard\ICM_Service.exe -- (ICM_UpdaterService)
SRV - [2010/11/16 00:25:40 | 000,761,344 | ---- | M] (David Harris) [Auto | Stopped] -- C:\MERCURY\mercury.exe -- (Mercury32)
SRV - [2010/10/24 09:49:57 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/10/20 19:45:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/19 23:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/19 23:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/11 18:31:44 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011/08/11 18:31:36 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/06/28 19:24:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/06/28 19:24:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/06/16 10:22:50 | 000,093,496 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 09:45:40 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/07/07 20:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 19:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 05:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/10 20:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/21 05:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/22 03:51:46 | 003,062,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/04/16 15:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/02/26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2010/10/24 09:45:40 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2010/09/25 07:39:27 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2704262
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "FreeSoundRecorder Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "FreeSoundRecorder Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2704262&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 20:52:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/13 20:52:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bernd\AppData\Roaming\5043 [2011/11/19 09:40:15 | 000,000,000 | ---D | M]
 
[2010/10/15 14:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions
[2011/11/07 18:26:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions
[2011/11/07 18:26:12 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2011/10/04 18:43:36 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/01/07 23:32:00 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/11/05 10:19:31 | 000,000,000 | ---D | M] (Page Ruler) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions\jid1-g0J5YenAv9JWlA@jetpack
[2011/11/16 19:09:56 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\3f9lo38q.default\extensions\toolbar@ask.com
[2011/10/31 12:43:38 | 000,000,937 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\Mozilla\Firefox\Profiles\3f9lo38q.default\searchplugins\conduit.xml
[2011/11/09 22:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/10/21 16:40:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/10/29 10:02:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/19 09:40:15 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BERND\APPDATA\ROAMING\5043
() (No name found) -- C:\USERS\BERND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3F9LO38Q.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/11/09 22:46:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/05 21:44:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/05/05 21:44:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/05 21:44:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/05/05 21:44:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/05/05 21:44:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/05/05 21:44:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011/11/13 20:48:44 | 000,001,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        oxid.local
O1 - Hosts: 127.0.0.1        organizer.local
O1 - Hosts: 127.0.0.1        hammer.local
O1 - Hosts: 127.0.0.1        webshop.local
O1 - Hosts: 127.0.0.1        bg-systeme.local
O1 - Hosts: 127.0.0.1        cms.bg-systeme.local
O1 - Hosts: 127.0.0.1        reichert.local
O1 - Hosts: 127.0.0.1        ag_betrug
O1 - Hosts: 127.0.0.1        fusspflege.local
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Userinit] C:\Users\Bernd\AppData\Roaming\appconf32.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8613F2F-D6A0-4973-AFD9-8C153634B985}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/19 10:19:13 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/11/19 09:40:15 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5043
[2011/11/18 18:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMerge
[2011/11/18 18:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMerge
[2011/11/18 18:41:24 | 000,220,112 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Bernd\AppData\Roaming\AcroIEHelpe048.dll
[2011/11/18 18:41:20 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{AE5C7C26-8C29-49BF-B19D-BAA5B516BA2C}
[2011/11/18 18:41:18 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5042
[2011/11/17 19:34:54 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{E2C8C304-30F2-4126-AB09-43FF042A81A8}
[2011/11/17 19:34:29 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{9FD37986-C939-44C4-998E-CE11A9F8E606}
[2011/11/16 19:10:16 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5041
[2011/11/16 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{CB3352F6-0662-45C9-A6CB-48D07A96FACE}
[2011/11/16 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{B81634AA-807E-4560-ABCF-189CB4D79AF8}
[2011/11/15 22:21:30 | 000,000,000 | ---D | C] -- C:\xmldm
[2011/11/15 21:07:19 | 000,220,112 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\Bernd\AppData\Roaming\AcroIEHelpe046.dll
[2011/11/15 21:07:12 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5040
[2011/11/15 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{8E7FCAC6-8F81-4D65-8A49-282B71F79786}
[2011/11/15 20:17:44 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{E708879B-9269-4FF7-8728-27485D3CFC76}
[2011/11/14 00:14:05 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{D060D55B-B10A-4D37-9427-55264C4721B4}
[2011/11/13 20:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/13 20:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/11/13 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/11/13 20:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/11/12 23:53:43 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{4FBE08FF-BEEC-4CAE-B32F-4AAF6E0410FA}
[2011/11/12 11:53:02 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{C59CFE06-7E64-486F-B9CD-6558FED7A18E}
[2011/11/11 16:31:56 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5039
[2011/11/11 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{5E18C700-99BF-494C-9554-FC4C6D772209}
[2011/11/11 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{85158A7D-D192-4223-819F-6DCE85040C89}
[2011/11/11 16:27:30 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{1B8AB7A0-1802-4AED-9AA2-3348DEED3CA9}
[2011/11/10 15:46:55 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{61B3C07D-537F-4BE5-BE82-944F110A8638}
[2011/11/10 15:46:30 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{E06540D1-F171-406C-86C8-6227E2138061}
[2011/11/09 16:15:23 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{98D56715-7F6F-450C-90A5-F30F1B41BBA5}
[2011/11/09 16:15:09 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{92F5984B-8D43-45A2-B350-20FA3C46A88B}
[2011/11/08 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\5038
[2011/11/08 15:47:52 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\xmldm
[2011/11/08 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\kock
[2011/11/07 21:51:34 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Desktop\Micha
[2011/11/07 16:58:07 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{B8B025B3-A43B-4852-9148-9CF6B8FC9BDF}
[2011/11/07 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{12049595-75E5-403D-9635-907BAB8FA8A8}
[2011/11/06 09:37:42 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{95EE75B3-CFEA-41B3-8D1E-077FDE9B083E}
[2011/11/06 09:37:18 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{F9B680DF-B97D-4ED3-981C-6882B5CC7948}
[2011/11/04 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{5E7CBF6F-9290-4E16-B488-49214A1297FB}
[2011/11/03 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{BA348291-6C77-4212-9F8A-E929690ED751}
[2011/11/03 16:28:39 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{DD077E16-3B4E-4804-8686-0DAE018E5043}
[2011/11/02 19:50:48 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Conduit
[2011/11/02 19:50:42 | 000,000,000 | ---D | C] -- C:\Users\Bernd\Documents\Free Sound Recorder
[2011/11/02 19:50:42 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Free Sound Recorder
[2011/11/02 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{09288412-F50C-45ED-B052-8E10A4F33539}
[2011/11/02 19:28:14 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{DDE58F13-55C2-4547-895D-E72394BD0FE3}
[2011/11/01 10:31:02 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{C6678592-A459-40AA-8099-061150680A08}
[2011/11/01 10:30:40 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{4BDD36EF-219F-4D64-B27E-24069170A1F8}
[2011/10/31 13:07:38 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{B1CCF6C5-2F3C-45AD-A636-11DCAA08DFBA}
[2011/10/31 13:07:15 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{198CBF29-207E-45E2-AE15-1D3D66C337C1}
[2011/10/30 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{DBE55FFE-532D-462F-B1AF-C90515ACDECA}
[2011/10/30 19:49:40 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\Microsoft Help
[2011/10/30 19:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/10/30 11:11:44 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{D4BD321C-D62A-46ED-970A-D441B31C126D}
[2011/10/30 11:10:45 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{3C3FB20C-CEC6-4375-A1D1-0EF38A34A56F}
[2011/10/29 10:52:12 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{814FBC65-A26E-472F-B48E-FD5CC13FD985}
[2011/10/29 10:51:49 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{3F125E78-6304-4EF2-9CB6-5632D4784414}
[2011/10/29 10:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/29 10:02:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/29 10:02:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/29 10:02:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/28 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{2DCA1395-1FAC-4DD5-8252-C453A36A7FD6}
[2011/10/28 09:42:05 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{0E4720AC-0124-45C4-8BDD-BAE4CA1208AC}
[2011/10/28 09:41:51 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{B9D3FDF4-85BC-4C05-A58F-AC64C35817C5}
[2011/10/27 08:13:55 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{DB44C551-66DF-4FA6-BF99-6627B811BC93}
[2011/10/27 08:13:29 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{94699BD0-3608-4739-B01B-60961D7DFB4F}
[2011/10/26 08:14:20 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{A6CD707D-61BD-4089-BD74-315964A66E2C}
[2011/10/26 08:13:57 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{DCC7BA88-0530-44BB-88F8-790A8A36A2CF}
[2011/10/24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2011/10/23 12:21:53 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{9F3B6274-ABD3-4A29-8F48-381EDD272546}
[2011/10/23 12:21:41 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\{657C7BA6-1787-40F3-8D33-F75C55CDC91C}
[2011/10/21 16:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/21 16:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/10/21 16:40:27 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2 C:\Users\Bernd\*.tmp files -> C:\Users\Bernd\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Bernd\AppData\Roaming\*.tmp files -> C:\Users\Bernd\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/11/19 11:18:08 | 000,000,000 | ---- | M] () -- C:\Users\Bernd\defogger_reenable
[2011/11/19 09:39:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/11/18 19:10:21 | 000,000,072 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\blckdom.res
[2011/11/18 18:41:27 | 000,220,112 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Bernd\AppData\Roaming\AcroIEHelpe046.dll
[2011/11/18 18:41:24 | 000,220,112 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Bernd\AppData\Roaming\AcroIEHelpe048.dll
[2011/11/17 19:43:15 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 19:43:15 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/17 19:31:03 | 4137,861,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 20:52:16 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/10 15:44:04 | 003,280,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/11/03 16:31:32 | 001,508,616 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/11/03 16:31:32 | 000,658,110 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/11/03 16:31:32 | 000,619,356 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/11/03 16:31:32 | 000,131,210 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/11/03 16:31:32 | 000,107,418 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/31 15:35:35 | 000,147,071 | ---- | M] () -- C:\Users\Bernd\AppData\Roaming\mdbu.bin
[2011/10/31 13:56:41 | 000,158,872 | ---- | M] () -- C:\Users\Bernd\Desktop\Fotobuch_Tuerkei.pbf
[2011/10/24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTimeVR.qtx
[2011/10/24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\windows\SysWow64\QuickTime.qts
[2011/10/21 16:40:28 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2 C:\Users\Bernd\*.tmp files -> C:\Users\Bernd\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Bernd\AppData\Roaming\*.tmp files -> C:\Users\Bernd\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/11/19 11:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Bernd\defogger_reenable
[2011/11/13 20:52:16 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/13 20:51:05 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/08 15:47:58 | 000,000,072 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\blckdom.res
[2011/10/21 16:40:28 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/09/23 08:29:11 | 001,073,152 | ---- | C] () -- C:\windows\SysWow64\libmysql_c.dll
[2011/07/27 08:36:21 | 000,147,071 | ---- | C] () -- C:\Users\Bernd\AppData\Roaming\mdbu.bin
[2011/04/05 20:01:33 | 000,012,800 | ---- | C] () -- C:\Users\Bernd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/29 16:00:24 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011/01/29 16:00:22 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011/01/29 16:00:22 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 16:00:22 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 16:00:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2010/11/07 10:01:44 | 000,046,592 | ---- | C] () -- C:\windows\SysWow64\shellses.dll
[2010/10/17 11:02:57 | 001,535,546 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/10/15 15:59:14 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2010/10/15 15:21:16 | 002,463,976 | ---- | C] () -- C:\windows\SysWow64\NPSWF32.dll
[2010/10/15 15:01:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/15 13:29:13 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/17 19:53:19 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2010/08/17 05:09:26 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/08/17 05:02:02 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/08/17 04:12:01 | 000,002,076 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008/12/09 16:23:13 | 000,054,048 | RHS- | C] () -- C:\Users\Bernd\AppData\Roaming\appconf32.exe
[2003/02/20 16:53:42 | 000,005,702 | ---- | C] () -- C:\windows\SysWow64\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728

< End of report >

Copyright ©2000-2025, Trojaner-Board