Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
tr.dropper.gen in heruntergeladenen datei

tr.dropper.gen in heruntergeladenen datei


Plagegeister aller Art und deren Bekämpfung: tr.dropper.gen in heruntergeladenen datei

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.08.2011, 22:51   #1
Trokker
 
tr.dropper.gen in heruntergeladenen datei - Standard

tr.dropper.gen in heruntergeladenen datei


Hallo, habe mir vorhin ein Programm zum hosten von dem Spiel Warcraft 3 heruntergeladen (Name von dem Programm lautet GhostOne). Beim entpacken der Datei hat sich Antivir allerdings mit dem Fund tr.dropper.gen gemeldet.

Ich habe die Datei mal mit VirusTotal überprüft und folgende Ergebnisse bekommen:

hxxp://www.virustotal.com/file-scan/report.html?id=8ef303c5198749543bf4e7a72cd512fc7f319f4b5509307f9cc461780018de7f-1313183607

Ich kann leider nur das OTL Logfile reinstellen, da defogger irgendwie nichts herausgibt und GMER bei zwei versuchen einfach mittendrin abstürzt.

Code:
ATTFilter
OTL logfile created on: 12.08.2011 22:18:53 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\***\Security\otl
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 263,67 Gb Total Space | 73,54 Gb Free Space | 27,89% Space Free | Partition Type: NTFS
Drive D: | 28,32 Gb Total Space | 27,05 Gb Free Space | 95,50% Space Free | Partition Type: NTFS
Drive E: | 6,10 Gb Total Space | 6,04 Gb Free Space | 99,05% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 20,98 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
Drive H: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive I: | 123,96 Gb Total Space | 123,87 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.01 19:12:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.28 18:56:56 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.03.22 23:56:40 | 000,687,448 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.03.01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.03.01 23:13:44 | 000,203,096 | ---- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.02.14 01:12:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Security\otl\OTL.exe
PRC - [2011.02.06 22:06:46 | 000,099,840 | ---- | M] () -- C:\Programme\Rainmeter\Rainmeter.exe
PRC - [2010.11.04 17:24:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.10.06 22:28:12 | 003,768,176 | ---- | M] (Stardock) -- C:\Programme\Stardock\ObjectDockFree\ObjectDock.exe
PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2010.03.18 10:37:26 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Programme\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) -- C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.30 04:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.11.28 18:24:57 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.09.20 21:41:31 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Users\***\Eigene Programme\ADAWRE\aawservice.exe
PRC - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.07.07 09:42:06 | 002,156,368 | RHS- | M] (Safer Networking Limited) -- C:\Users\***\Eigene Programme\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.03.13 11:16:46 | 000,995,328 | ---- | M] (AzureWave.com) -- C:\Programme\ASUS WiFi-AP Solo\RtWLan.exe
PRC - [2006.12.29 19:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005.06.28 14:59:12 | 001,855,488 | ---- | M] () -- C:\Programme\KYE\ErgoMedia\SyTray.exe
PRC - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.02.14 01:12:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Security\otl\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (DAUpdaterSvc)
SRV - [2011.07.27 21:57:59 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.07.01 19:12:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.28 18:56:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.02.22 15:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.01.06 01:07:54 | 000,602,416 | ---- | M] (Ariolic Software, Ltd. (hxxp://www.ariolic.com)) [On_Demand | Stopped] -- C:\Programme\ActiveSMART 2.9\AsmartService.exe -- (ActiveSMART Service)
SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.03.18 17:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.02.19 14:52:35 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.02 12:46:30 | 001,127,944 | ---- | M] (LSoft Technologies Inc) [Auto | Running] -- C:\Programme\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe -- (Active@ Disk Monitor)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.28 18:24:57 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2008.11.28 18:24:53 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.11.24 13:19:54 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.09.20 21:41:31 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Users\***\Eigene Programme\ADAWRE\aawservice.exe -- (aawservice)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.01.31 10:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 19:12:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 19:12:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.04.01 07:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2011.04.01 07:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010.09.22 21:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.09.22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\***\Security\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.03.10 17:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Users\***\Security\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.29 19:31:18 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.12.15 23:13:59 | 000,165,504 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atjsgt.sys -- (atjsgt)
DRV - [2007.12.15 23:13:54 | 000,016,000 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\linsgt.sys -- (linsgt)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.13 11:20:06 | 000,216,064 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187.sys -- (RTL8187)
DRV - [2007.03.09 14:29:44 | 000,015,360 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007.01.02 21:41:34 | 001,668,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.19 11:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006.10.18 21:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006.09.03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006.09.03 00:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006.05.25 06:38:42 | 000,036,096 | ---- | M] (Animation Technologies Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\M9207BDA.sys -- (M9207)
DRV - [2005.01.12 06:29:28 | 000,038,784 | ---- | M] (InterVideo) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ivicd.sys -- (ivicd)
DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2604146
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 C3 D6 09 D5 6A CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.buffed.de/wow|hxxp://de.ign.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\program files\Mozilla Firefox\components [2011.07.01 19:22:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011.04.23 11:38:35 | 000,000,000 | ---D | M]
 
[2008.12.17 22:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.01 19:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions
[2011.04.10 22:05:37 | 000,000,000 | ---D | M] (HotSpot International Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}
[2010.05.13 10:44:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.22 13:46:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.07.01 19:38:46 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009.07.22 01:53:17 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2011.04.08 18:41:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.03.16 15:57:57 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\ChoiceGuard@Microsoft
[2011.04.10 22:05:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\engine@conduit.com
[2011.04.10 21:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\nostmp
[2010.04.29 17:29:47 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\searchrecs@veoh.com
[2010.03.12 15:14:05 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tbqrb68m.default\extensions\smartbookmarksbar@remy.juteau
[2011.12.06 22:23:18 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-1.xml
[2009.04.28 22:14:03 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-10.xml
[2009.06.13 18:39:20 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-11.xml
[2009.08.14 11:28:09 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-12.xml
[2009.09.12 00:55:16 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-13.xml
[2009.11.10 15:49:36 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-14.xml
[2009.12.17 15:47:01 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-15.xml
[2010.01.07 15:23:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-16.xml
[2010.02.18 18:27:26 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-17.xml
[2010.02.18 22:12:07 | 000,000,961 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-18.xml
[2010.02.19 14:46:57 | 000,000,666 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-19.xml
[2007.12.20 21:14:31 | 000,000,949 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-2.xml
[2010.03.24 19:47:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-20.xml
[2010.03.24 22:34:54 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-21.xml
[2010.06.24 10:23:32 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-22.xml
[2010.06.28 03:12:03 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-23.xml
[2010.07.22 13:23:30 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-24.xml
[2010.07.25 13:17:26 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-25.xml
[2010.08.03 17:46:16 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-26.xml
[2010.09.15 20:32:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-27.xml
[2010.09.23 14:46:50 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-28.xml
[2010.10.25 09:52:25 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-29.xml
[2008.07.07 21:17:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-3.xml
[2010.11.03 19:28:09 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-30.xml
[2010.12.19 03:29:12 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-31.xml
[2011.03.05 16:39:04 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-32.xml
[2011.03.12 12:58:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-33.xml
[2008.10.16 17:23:46 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-4.xml
[2008.12.17 22:58:01 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-5.xml
[2009.02.04 20:05:39 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-6.xml
[2009.03.05 15:42:14 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-7.xml
[2009.03.29 11:11:05 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin-8.xml
[2009.04.23 14:02:49 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\icqplugin.xml
[2009.03.16 16:50:16 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\live-search.xml
[2009.11.22 01:09:14 | 000,001,196 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\tbqrb68m.default\searchplugins\winamp-search.xml
[2011.07.01 19:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.19 19:35:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.18 22:11:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(19)
[2010.05.14 11:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.09 14:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.15 23:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.01 21:34:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.07 20:45:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.02.19 19:35:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2008.12.12 14:32:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.24 23:04:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.24 18:47:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.21 17:48:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.17 17:24:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.05.14 11:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.09 14:44:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.20 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.12 13:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.15 23:21:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.01 21:34:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.06.07 20:45:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.01.27 20:49:08 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
() (No name found) -- C:\USERS\GEORG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TBQRB68M.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GEORG\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TBQRB68M.DEFAULT\EXTENSIONS\ILLIMITUX@ILLIMITUX.NET.XPI
[2011.04.07 15:04:10 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\USERS\***\EIGENE PROGRAMME\FREE DOWNLOADMANAGER\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.14 21:49:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Users\***\Eigene Programme\SPYBOT\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Users\***\Eigene Programme\Free Downloadmanager\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (HotSpot International Toolbar) - {0002ee26-8c11-49eb-9cdf-56eeffef664f} - C:\Programme\HotSpot_International\tbHotS.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ErgoMedia] C:\Programme\KYE\ErgoMedia\SyTray.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Programme\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Users\***\Eigene Programme\SPYBOT\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDockFree\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Users\***\Eigene Programme\Free Downloadmanager\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Users\***\Eigene Programme\Free Downloadmanager\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Users\***\Eigene Programme\Free Downloadmanager\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Users\***\Eigene Programme\Free Downloadmanager\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Users\***\Eigene Programme\SPYBOT\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Programme\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.06 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temporary Projects
[2011.08.04 20:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.20 20:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.20 20:22:18 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.07.20 20:22:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.07.20 20:18:21 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.07.13 22:45:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\subs
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.12 22:12:33 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.08.12 21:34:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.12 20:33:08 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 20:33:08 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 18:33:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.12 18:33:38 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2011.08.12 18:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.12 18:32:30 | 3354,517,504 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 18:21:09 | 000,747,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.11 18:21:09 | 000,706,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 18:21:09 | 000,173,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 18:21:09 | 000,147,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 22:58:50 | 000,176,128 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.12 22:12:33 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.07.25 23:46:07 | 324,995,340 | ---- | C] () -- C:\Users\***\Desktop\05-02-How_I_Met_Your_Mother-Doppelgnger-cineonws241.avi
[2011.07.25 23:45:54 | 325,027,332 | ---- | C] () -- C:\Users\***\Desktop\05-01-How_I_Met_Your_Mother-Zuckerbrot_und_Peitsche-cineonws833.avi
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.01 07:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 07:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 06:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 23:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.02.05 17:15:09 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.04.17 13:40:52 | 000,001,852 | ---- | C] () -- C:\Users\***\AppData\Roaming\ImperatorProfile0.dat
[2010.02.21 16:41:15 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2010.02.07 14:32:48 | 000,005,760 | ---- | C] () -- C:\Windows\System32\drivers\yrtumdriver.sys
[2009.10.01 16:36:59 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2009.09.24 19:10:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.25 20:37:20 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2009.06.25 20:37:20 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\System32\OSD.dll
[2009.03.17 13:09:34 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.12.12 18:18:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.04 21:19:21 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2008.10.01 22:31:38 | 000,138,440 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.10.01 22:31:38 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.10.01 22:31:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.05.30 19:22:22 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.30 19:18:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.05.13 16:51:43 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.05.10 14:18:19 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.05.10 14:18:19 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.05.02 14:20:03 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2007.12.15 23:13:59 | 000,165,504 | ---- | C] () -- C:\Windows\System32\drivers\atjsgt.sys
[2007.12.15 23:13:54 | 000,016,000 | ---- | C] () -- C:\Windows\System32\drivers\linsgt.sys
[2007.11.30 23:50:25 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.11.28 21:08:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007.08.18 14:41:59 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2007.08.12 13:39:35 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.07.05 16:53:55 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007.07.05 16:53:55 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007.07.05 16:52:49 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2007.07.05 16:52:49 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2007.07.05 16:46:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2007.07.03 21:10:06 | 000,176,128 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.20 20:27:13 | 000,000,065 | ---- | C] () -- C:\Programme\Common Files\appop.log
[2007.06.20 20:26:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.06.20 20:26:52 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.06.20 20:26:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.06.20 20:26:52 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.06.20 20:26:52 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.06.20 20:26:52 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.06.20 20:26:40 | 000,005,376 | ---- | C] () -- C:\Windows\System32\drivers\udffsrec.sys
[2007.06.20 19:35:22 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2007.06.20 19:35:22 | 000,012,664 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2007.06.20 19:35:20 | 000,012,096 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2007.06.20 19:35:20 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2007.06.20 19:29:11 | 000,002,032 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.18 21:44:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2002.03.04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.01.16 02:59:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.04.24 15:12:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artweaver
[2011.01.03 20:42:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2010.09.04 23:48:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2011.01.03 20:56:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2008.10.28 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.04.10 21:56:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.04.23 12:16:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2010.04.24 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.07.01 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2011.08.12 22:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2007.09.21 21:55:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar
[2007.09.21 22:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite
[2007.06.20 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2009.01.01 15:28:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.09.04 23:47:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.07.13 21:36:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2009.03.07 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mumble
[2007.12.30 03:46:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Battle for Middle-earth Files
[2010.04.29 17:29:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.03.06 01:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.06.10 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PersonalBrain
[2008.12.28 14:42:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.04.23 20:42:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2007.09.25 19:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2011.04.07 15:04:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Software Informer
[2009.09.06 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2011.04.21 20:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Stardock
[2011.06.24 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SumatraPDF
[2009.02.18 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2010.08.20 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2008.11.24 11:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.06.06 17:51:11 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2011.08.12 18:33:38 | 000,000,252 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job
[2011.08.11 23:18:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:39413AC3

< End of report >

Alt 15.08.2011, 19:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
tr.dropper.gen in heruntergeladenen datei - Standard

tr.dropper.gen in heruntergeladenen datei


Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________
Antwort

Themen zu tr.dropper.gen in heruntergeladenen datei
0x00000001, alternate, antivir, autorun, avira, bho, bonjour, conduit, corp./icp, defender, desktop, error, excel.exe, explorer, firefox, fontcache, format, free download, hard disk, home, hotspot, hotspot shield, langs, logfile, monitor, mozilla, nodrives, nvidia, nvlddmkm.sys, nvstor.sys, plug-in, programm, programme, realtek, registry, safer networking, security, security scan, server, softonic, softonic deutsch toolbar, software, start menu, virus, vista


« BKA Trojaner | Bundespolizei Trojaner »


Ähnliche Themen: tr.dropper.gen in heruntergeladenen datei


  1. scr. Datei heruntergeladen, Link war als png. Datei angegeben
    Plagegeister aller Art und deren Bekämpfung - 05.01.2015 (3)
  2. (mehrere) Trojanermeldung(en) AVG (Win8.1) : "Trojaner: Dropper.Generic2.ANGG.dropper"
    Log-Analyse und Auswertung - 11.07.2014 (3)
  3. Mahnung von www.wahlbusch.de zip-Datei und darin enthaltene Datei geöffnet
    Log-Analyse und Auswertung - 18.04.2013 (7)
  4. OTL erzeugt keine Extra.txt-Datei, nur die OTL.txt-Datei
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (27)
  5. Photshop datei von Adebo geladen und TROJ_GEN.RC1H1AV in der Datei gefunden
    Log-Analyse und Auswertung - 11.02.2013 (1)
  6. H1N1 Datei fehlt in meiner rundll Datei, was tun?
    Log-Analyse und Auswertung - 19.01.2013 (13)
  7. Avira findet TR/ATRAPS.gen kann die Datei aber nicht löschen. Wie bekomme ich die Datei vom System?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (1)
  8. Datei: Postetikett#1485-245DE.zip Datei herunterladen
    Log-Analyse und Auswertung - 14.06.2012 (1)
  9. Glaube Verschlüsslungstrojaner(vor Datei locked nach datei pffp und andere änderungen)
    Plagegeister aller Art und deren Bekämpfung - 10.06.2012 (1)
  10. Die Datei 'C:\Windows\Temp\TMP0000064759850256FA402D57' mit TR/Dropper.gen
    Plagegeister aller Art und deren Bekämpfung - 22.11.2010 (2)
  11. Trojana TR/Dropper.gen in einer harmlosen Datei
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (3)
  12. Trojaner in .rar Datei! Bitte um Analyse dieser Datei!!!
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (12)
  13. TR/Dropper.Gen wird von Antivir in der Datei "regedt32.exe angezeigt
    Plagegeister aller Art und deren Bekämpfung - 17.03.2009 (2)
  14. MEMSCAN Trojan.Dropper.SSE mit Datei msmddlsrvde.exe nicht findbar
    Antiviren-, Firewall- und andere Schutzprogramme - 03.02.2009 (2)
  15. SPYBOT LOG DATEI mysteriös. bitte um auswertung der HIJACKTHIS LOG DATEI
    Log-Analyse und Auswertung - 29.01.2008 (0)
  16. trojan.dropper Datei ...\Temp\spoolsv32.exe
    Log-Analyse und Auswertung - 21.06.2007 (4)
  17. Trojaner in datei gefunden (datei aber nicht vorhanden)
    Plagegeister aller Art und deren Bekämpfung - 29.11.2004 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema tr.dropper.gen in heruntergeladenen datei - Hallo, habe mir vorhin ein Programm zum hosten von dem Spiel Warcraft 3 heruntergeladen (Name von dem Programm lautet GhostOne). Beim entpacken der Datei hat sich Antivir allerdings mit dem - tr.dropper.gen in heruntergeladenen datei...
Archiv
Du betrachtest: tr.dropper.gen in heruntergeladenen datei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129