Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
TR/Dropper.gen - OLT Scan bitte checken

TR/Dropper.gen - OLT Scan bitte checken


Plagegeister aller Art und deren Bekämpfung: TR/Dropper.gen - OLT Scan bitte checken

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 04.08.2010, 20:13   #1
Ginnie217
 
TR/Dropper.gen - OLT Scan bitte checken - Standard

TR/Dropper.gen - OLT Scan bitte checken


Hallo Larusso,

ich hab mir auch den TR.Dropper.Gen eingefangen über die Googlebildsuche :-( Ich hab den Antivir-Scan durchlaufen lassen, bin seit heute morgen "virenfrei"

Trotzdem traue ich dem Trojaner nicht. Kannst Du Dir bitte den OLT-und den Extra-Scan anschauen, ob dort etwas verdächtiges zu sehen ist?

Vielen Dank und Grüße

OLT.txt (zu gross für Anhang)

OTL logfile created on: 04.08.2010 20:31:28 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Ulli\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,56 Gb Total Space | 172,65 Gb Free Space | 61,98% Space Free | Partition Type: NTFS
Drive D: | 19,52 Gb Total Space | 9,69 Gb Free Space | 49,66% Space Free | Partition Type: FAT32
Drive E: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ULLI-PC
Current User Name: Ulli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.08.04 20:27:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Downloads\OTL.exe
PRC - [2010.04.23 19:52:08 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2009.10.27 17:58:48 | 000,730,480 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 17:25:58 | 000,970,240 | ---- | M] (Spigot, Inc.) -- C:\Programme\pdfforge Toolbar\SearchSettings.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.08.06 17:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.08.04 16:45:16 | 005,779,456 | ---- | M] () -- C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008.06.27 10:57:34 | 000,561,152 | ---- | M] (MSI) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2008.03.20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Programme\HomeCinema\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () -- C:\Programme\System Control Manager\edd.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe


========== Modules (SafeList) ==========

MOD - [2010.08.04 20:27:41 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Downloads\OTL.exe
MOD - [2009.10.27 17:59:06 | 000,628,080 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.03.30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
MOD - [2009.03.30 06:42:16 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcp80.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.08.03 21:45:58 | 000,137,184 | ---- | M] () [On_Demand | Stopped] -- c:\app\Ulli\product\11.1.0\db_1\ccr\bin\nmz.exe -- (OracleOraDb11g_home1ConfigurationManager)
SRV - [2010.04.23 19:52:08 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.10.27 17:58:58 | 000,476,528 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009.01.26 08:34:20 | 000,163,840 | ---- | M] () [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\bin\OraVSSW.exe -- (OracleVssWriterORCL)
SRV - [2009.01.26 08:34:04 | 094,076,928 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\app\ulli\product\11.1.0\db_1\bin\ORACLE.EXE -- (OracleServiceORCL)
SRV - [2009.01.26 08:33:50 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\app\ulli\product\11.1.0\db_1\Bin\extjob.exe -- (OracleJobSchedulerORCL)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.09.17 13:43:40 | 000,045,056 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\BIN\nmesrvc.exe -- (OracleDBConsoleorcl)
SRV - [2008.09.17 13:02:34 | 000,479,232 | ---- | M] () [On_Demand | Stopped] -- C:\app\Ulli\product\11.1.0\db_1\BIN\TNSLSNR.exe -- (OracleOraDb11g_home1TNSListener)
SRV - [2008.08.04 16:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.08.23 14:37:18 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\edd.exe -- (NishService)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.02.02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006.02.02 00:49:14 | 000,204,800 | ---- | M] () [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006.02.02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\OracleExpress\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006.02.02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oracleexpress\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006.02.02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- c:\oracleexpress\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ulli\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.04 16:36:24 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.11.16 04:13:14 | 000,216,576 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.27 17:58:32 | 000,025,208 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.09 11:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 17:11:06 | 002,164,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.29 17:07:28 | 002,457,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.05.19 13:45:24 | 000,380,416 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.12.22 05:21:52 | 000,019,456 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MGHwCtrl.sys -- (MGHwCtrl)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoouk.start.iplay.com
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.29


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010.06.17 20:31:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 18:19:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 18:19:43 | 000,000,000 | ---D | M]

[2010.03.23 19:21:20 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions
[2010.08.03 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions
[2010.04.30 07:57:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.30 07:58:12 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\5cpa1gko.default\extensions\personas@christopher.beard
[2010.05.13 13:30:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 13:30:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.12 20:49:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.12 20:49:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.12 20:49:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.12 20:49:10 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.12 20:49:10 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Netviewer Support) - {4BE8B65B-EE14-40C1-B6BB-31E494FE6EBA} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (&Netviewer Support) - {E1F9EDE7-EF90-4A65-A5A4-D2FFEEA5D469} - C:\Programme\Netviewer\Support\Plugin\IE plugin\NVIEPluginSupport.dll (Netviewer AG)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (MSI)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\HomeCinema\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-3000566857-1028030334-1319512794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Ulli\Pictures\tobesorted\fruity_1024x768.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ulli\Pictures\tobesorted\fruity_1024x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{9ac706b7-b595-11dd-a5f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ac706b7-b595-11dd-a5f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{e2d81e95-96ca-11de-bf8a-002185db4d68}\Shell - "" = AutoRun
O33 - MountPoints2\{e2d81e95-96ca-11de-bf8a-002185db4d68}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.08.04 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\Ulli\Pavark
[2010.08.03 23:36:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.03 23:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.03 23:13:38 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\WinRAR
[2010.08.03 23:12:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.07.31 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\freshgames
[2010.07.31 20:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\freshgames
[2010.07.27 18:44:39 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Local\Artogon
[2010.07.16 19:13:59 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Babylonia
[2010.07.15 14:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Sandlot Games
[2010.07.11 11:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Exorcist DS
[2010.07.03 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\EleFun Games
[2010.07.02 18:45:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\intenium
[2010.06.26 19:20:12 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Fugazo
[2010.06.17 22:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Dekovir
[2010.06.12 22:44:14 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Gestalt Games
[2010.06.12 22:22:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Oberon Media
[2010.06.12 22:22:02 | 000,000,000 | ---D | C] -- C:\Programme\Oberon Media
[2010.06.12 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Facebook
[2010.06.09 18:22:03 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\PlayFirst
[2010.06.09 18:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2010.06.05 21:32:10 | 000,000,000 | ---D | C] -- C:\Windows\IswTmp
[2010.06.04 10:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\CheckPoint
[2010.06.04 10:23:12 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.06.04 10:23:08 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll
[2010.06.04 10:22:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2010.06.04 10:22:36 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2010.06.04 10:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.06.04 10:22:08 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.06.03 14:23:41 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\GraveyardShift
[2010.05.27 18:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2010.05.25 20:05:51 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Nevosoft Games
[2010.05.25 15:29:20 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2010.05.21 20:18:05 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Farm Mania 2
[2010.05.14 10:42:15 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Local\Deadtime Stories

========== Files - Modified Within 90 Days ==========

[2010.08.04 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.08.04 20:31:12 | 003,407,872 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT
[2010.08.04 19:33:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.04 19:33:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 19:33:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.04 19:33:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.04 19:33:10 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.04 12:47:52 | 000,524,288 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT{dc8661a0-1679-11df-a5f5-002185db4d68}.TMContainer00000000000000000001.regtrans-ms
[2010.08.04 12:47:52 | 000,065,536 | -HS- | M] () -- C:\Users\Ulli\NTUSER.DAT{dc8661a0-1679-11df-a5f5-002185db4d68}.TM.blf
[2010.08.04 12:47:40 | 002,707,213 | -H-- | M] () -- C:\Users\Ulli\AppData\Local\IconCache.db
[2010.08.04 09:39:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_9_39_21.dmp
[2010.08.04 00:47:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_0_47_37.dmp
[2010.08.03 23:37:03 | 000,001,075 | ---- | M] () -- C:\Users\Ulli\Desktop\Spybot - Search & Destroy.lnk
[2010.08.03 22:13:25 | 000,019,480 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_3_22_13_9.dmp
[2010.08.01 10:58:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_8_1_10_58_14.dmp
[2010.07.31 20:55:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_20_55_48.dmp
[2010.07.31 20:26:20 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\Ranch Rush 2.lnk
[2010.07.31 20:21:32 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010.07.31 16:18:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_16_18_40.dmp
[2010.07.31 09:31:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_9_31_22.dmp
[2010.07.29 17:50:50 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_17_50_50.dmp
[2010.07.29 13:28:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_13_28_9.dmp
[2010.07.28 20:02:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_28_20_2_38.dmp
[2010.07.23 16:43:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_16_43_28.dmp
[2010.07.23 00:08:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_0_8_37.dmp
[2010.07.22 16:16:17 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2010.07.22 16:16:15 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Cake Mania Main Street.lnk
[2010.07.20 17:33:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_20_17_33_23.dmp
[2010.07.19 08:27:14 | 000,020,986 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_19_8_27_8.dmp
[2010.07.18 22:55:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_22_55_44.dmp
[2010.07.18 09:32:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_9_32_33.dmp
[2010.07.17 19:23:15 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_17_19_23_15.dmp
[2010.07.15 14:53:50 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\CakeMania3.lnk
[2010.07.15 14:53:07 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\Das rätselhafte Kristall-Portal.lnk
[2010.07.11 12:13:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_11_12_13_20.dmp
[2010.07.11 10:55:23 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.11 10:55:23 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.11 10:55:23 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.11 10:55:23 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.11 10:55:23 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.10 10:26:54 | 000,019,416 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_10_10_26_39.dmp
[2010.07.09 18:11:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_9_18_11_12.dmp
[2010.07.06 21:13:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_6_21_13_30.dmp
[2010.07.05 21:09:57 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_5_21_9_57.dmp
[2010.07.03 16:13:25 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.03 14:14:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_14_14_14.dmp
[2010.07.03 09:08:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_9_8_10.dmp
[2010.06.26 18:39:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_26_18_39_21.dmp
[2010.06.24 16:41:19 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_24_16_41_19.dmp
[2010.06.22 23:12:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_23_12_0.dmp
[2010.06.22 10:01:05 | 000,021,594 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_10_0_58.dmp
[2010.06.20 20:15:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_20_20_15_25.dmp
[2010.06.18 20:59:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_20_59_48.dmp
[2010.06.18 18:06:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_18_6_48.dmp
[2010.06.17 22:54:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_17_22_54_36.dmp
[2010.06.12 22:50:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_22_50_33.dmp
[2010.06.12 21:47:42 | 000,330,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.12 08:50:05 | 000,020,888 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_49_59.dmp
[2010.06.12 08:42:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_42_58.dmp
[2010.06.09 17:37:26 | 000,001,024 | ---- | M] () -- C:\Users\Ulli\.rnd
[2010.06.08 18:42:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_8_18_42_53.dmp
[2010.06.07 18:38:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_7_18_38_6.dmp
[2010.06.06 19:07:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_19_7_37.dmp
[2010.06.06 08:52:32 | 000,027,970 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_8_52_27.dmp
[2010.06.05 20:39:31 | 000,036,196 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_5_20_39_24.dmp
[2010.06.04 10:37:20 | 000,021,698 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_37_12.dmp
[2010.06.04 10:34:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_34_24.dmp
[2010.06.04 10:23:48 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.06.04 10:23:10 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml
[2010.06.04 10:23:10 | 000,000,875 | ---- | M] () -- C:\Users\Ulli\Desktop\ZoneAlarm Security.lnk
[2010.06.03 23:01:47 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_23_1_47.dmp
[2010.06.03 19:28:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_19_28_48.dmp
[2010.06.01 19:48:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_6_1_19_48_17.dmp
[2010.05.31 17:32:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_31_17_32_7.dmp
[2010.05.30 14:58:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_30_14_58_18.dmp
[2010.05.28 15:58:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_28_15_58_3.dmp
[2010.05.27 15:43:20 | 000,018,058 | ---- | M] () -- C:\Users\Ulli\Desktop\cover-letter-template.gif
[2010.05.26 22:13:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_26_22_13_2.dmp
[2010.05.24 10:59:46 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_24_10_59_46.dmp
[2010.05.23 12:38:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_23_12_38_32.dmp
[2010.05.20 09:38:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_20_9_38_29.dmp
[2010.05.15 23:34:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_15_23_34_49.dmp
[2010.05.14 20:21:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_20_21_18.dmp
[2010.05.14 16:30:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_16_30_4.dmp
[2010.05.13 21:29:21 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_21_29_21.dmp
[2010.05.13 09:30:32 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_9_30_32.dmp
[2010.05.12 20:24:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_12_20_24_1.dmp
[2010.05.10 09:23:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_10_9_23_12.dmp
[2010.05.09 20:43:35 | 000,000,000 | ---- | M] () -- C:\Windows\System32\nmesrvc_core_2010_5_9_20_43_35.dmp

========== Files Created - No Company Name ==========

[2010.08.04 09:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_9_39_21.dmp
[2010.08.04 00:47:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_4_0_47_37.dmp
[2010.08.03 23:37:03 | 000,001,075 | ---- | C] () -- C:\Users\Ulli\Desktop\Spybot - Search & Destroy.lnk
[2010.08.03 22:13:09 | 000,019,480 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_3_22_13_9.dmp
[2010.08.01 10:58:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_8_1_10_58_14.dmp
[2010.07.31 20:55:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_20_55_48.dmp
[2010.07.31 20:26:20 | 000,001,911 | ---- | C] () -- C:\Users\Public\Desktop\Ranch Rush 2.lnk
[2010.07.31 20:21:32 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010.07.31 16:18:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_16_18_40.dmp
[2010.07.31 09:31:22 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_31_9_31_22.dmp
[2010.07.29 17:50:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_17_50_50.dmp
[2010.07.29 13:28:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_29_13_28_9.dmp
[2010.07.28 20:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_28_20_2_38.dmp
[2010.07.23 16:43:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_16_43_28.dmp
[2010.07.23 00:08:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_23_0_8_37.dmp
[2010.07.22 16:16:15 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Cake Mania Main Street.lnk
[2010.07.20 17:33:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_20_17_33_23.dmp
[2010.07.19 08:27:08 | 000,020,986 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_19_8_27_8.dmp
[2010.07.18 22:55:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_22_55_44.dmp
[2010.07.18 09:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_18_9_32_33.dmp
[2010.07.17 19:23:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_17_19_23_15.dmp
[2010.07.15 14:53:50 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\CakeMania3.lnk
[2010.07.15 14:53:07 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\Das rätselhafte Kristall-Portal.lnk
[2010.07.11 12:13:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_11_12_13_20.dmp
[2010.07.11 11:29:17 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2010.07.10 10:26:39 | 000,019,416 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_10_10_26_39.dmp
[2010.07.09 18:11:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_9_18_11_12.dmp
[2010.07.06 21:13:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_6_21_13_30.dmp
[2010.07.05 21:09:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_5_21_9_57.dmp
[2010.07.03 14:14:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_14_14_14.dmp
[2010.07.03 09:08:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_7_3_9_8_10.dmp
[2010.06.26 18:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_26_18_39_21.dmp
[2010.06.24 16:41:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_24_16_41_19.dmp
[2010.06.22 23:12:00 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_23_12_0.dmp
[2010.06.22 10:00:58 | 000,021,594 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_22_10_0_58.dmp
[2010.06.20 20:15:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_20_20_15_25.dmp
[2010.06.18 20:59:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_20_59_48.dmp
[2010.06.18 18:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_18_18_6_48.dmp
[2010.06.17 22:54:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_17_22_54_36.dmp
[2010.06.12 22:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_22_50_33.dmp
[2010.06.12 08:49:59 | 000,020,888 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_49_59.dmp
[2010.06.12 08:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_12_8_42_58.dmp
[2010.06.08 18:42:54 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_8_18_42_53.dmp
[2010.06.07 18:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_7_18_38_6.dmp
[2010.06.06 19:07:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_19_7_37.dmp
[2010.06.06 08:52:28 | 000,027,970 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_6_8_52_27.dmp
[2010.06.05 20:39:24 | 000,036,196 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_5_20_39_24.dmp
[2010.06.04 10:37:12 | 000,021,698 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_37_12.dmp
[2010.06.04 10:34:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_4_10_34_24.dmp
[2010.06.04 10:23:10 | 000,000,875 | ---- | C] () -- C:\Users\Ulli\Desktop\ZoneAlarm Security.lnk
[2010.06.04 10:23:09 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml
[2010.06.04 10:22:37 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010.06.03 23:01:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_23_1_47.dmp
[2010.06.03 19:28:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_3_19_28_48.dmp
[2010.06.01 19:48:17 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_6_1_19_48_17.dmp
[2010.05.31 17:32:07 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_31_17_32_7.dmp
[2010.05.30 14:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_30_14_58_18.dmp
[2010.05.28 15:58:03 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_28_15_58_3.dmp
[2010.05.26 22:13:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_26_22_13_2.dmp
[2010.05.24 10:59:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_24_10_59_46.dmp
[2010.05.23 12:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_23_12_38_32.dmp
[2010.05.20 09:38:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_20_9_38_29.dmp
[2010.05.15 23:34:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_15_23_34_49.dmp
[2010.05.14 20:21:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_20_21_18.dmp
[2010.05.14 16:30:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_14_16_30_4.dmp
[2010.05.13 21:29:21 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_21_29_21.dmp
[2010.05.13 09:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_13_9_30_32.dmp
[2010.05.12 20:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_12_20_24_1.dmp
[2010.05.10 09:23:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_10_9_23_12.dmp
[2010.05.09 20:43:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nmesrvc_core_2010_5_9_20_43_35.dmp
[2009.10.30 16:17:06 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.24 09:20:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 13:14:54 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.09.11 13:14:54 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\7CA21FBF99.sys
[2009.06.02 20:40:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.03.05 07:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.10.10 11:53:40 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.10.10 11:53:40 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.10.10 11:18:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1537.dll
[2006.12.04 02:25:14 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugs1l3.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009.10.29 17:57:50 | 000,000,000 | -HSD | M] -- C:\Users\Ulli\AppData\Roaming\.#
[2010.07.16 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Babylonia
[2010.06.04 10:23:24 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\CheckPoint
[2010.03.17 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2010.04.25 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Dekovir
[2010.07.03 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\EleFun Games
[2010.06.12 19:46:21 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Facebook
[2010.05.21 20:18:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Farm Mania 2
[2010.07.12 20:04:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Flood Light Games
[2010.07.31 20:27:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\freshgames
[2010.07.09 15:14:10 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Fugazo
[2010.06.12 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Gestalt Games
[2009.10.31 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Gogii Games
[2010.06.03 14:23:41 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\GraveyardShift
[2009.09.11 13:19:45 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2010.04.18 22:04:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Meridian93
[2010.05.25 20:05:51 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Nevosoft Games
[2009.11.15 14:27:46 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Oberon Games
[2010.06.20 20:15:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PlayFirst
[2010.02.08 13:53:17 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Python-Eggs
[2008.12.06 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\StarOffice
[2010.01.19 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Template
[2009.08.27 16:20:36 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Yahoo 3 Days Zoo Mystery
[2009.08.28 14:16:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Yahoov1001
[2010.08.04 12:48:35 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.04 20:35:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.10.10 20:58:08 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.07.22 17:19:08 | 000,000,000 | ---- | M] () -- C:\GameCenterResultLog.txt
[2010.08.04 19:33:10 | 3212,087,296 | -HS- | M] () -- C:\hiberfil.sys
[2009.06.02 22:13:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.06.02 22:13:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.04 19:33:09 | 3525,914,624 | -HS- | M] () -- C:\pagefile.sys
[2008.10.10 07:41:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008.10.10 13:38:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008.10.14 14:23:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008.10.10 07:41:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008.10.10 13:38:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008.10.14 14:23:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2006.09.18 02:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\sugs1pc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2008.07.18 20:39:16 | 000,587,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-03 11:45:07

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:27B99ED6
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34
< End of report >

Alt 05.08.2010, 20:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.gen - OLT Scan bitte checken - Standard

TR/Dropper.gen - OLT Scan bitte checken


Zitat:
ich hab mir auch den TR.Dropper.Gen eingefangen über die Googlebildsuche :-( Ich hab den Antivir-Scan durchlaufen lassen, bin seit heute morgen "virenfrei"
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!
Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________

__________________
Antwort

Themen zu TR/Dropper.gen - OLT Scan bitte checken
alternate, autorun, avgntflt.sys, avira, bho, checkpoint, components, corp./icp, defender, desktop, error, excel.exe, explorer, firefox, format, home, home premium, local\temp, location, logfile, mozilla, nvstor.sys, oldtimer, pdfforge toolbar, plug-in, port, programdata, realtek, registry, safer networking, scan, searchplugins, searchsettings.dll, senden, server, software, spigot, temp, tr/dropper.gen, trojaner, vista, wmi


« Keylogger Trojan-Spy.Win32.KeyLogger.cqd in Windows32 | Problem mit TR/Renos.125952.2 »


Ähnliche Themen: TR/Dropper.gen - OLT Scan bitte checken


  1. Windows 7: TR/Dropper.gen beim Avira-Scan gefunden
    Log-Analyse und Auswertung - 31.08.2013 (11)
  2. Scan/ Warnung TR/Dropper.Gen und TR/Spy.Keylogger
    Log-Analyse und Auswertung - 11.01.2010 (3)
  3. Virus-scan fand trojan.Dropper, GayCodec.lookAlert...(vollständige liste im thread)
    Log-Analyse und Auswertung - 07.01.2010 (30)
  4. TR/Dropper.Gen auf USB entdeckt - Rootkit im System! Bitte Logfiles checken!
    Log-Analyse und Auswertung - 22.01.2009 (3)
  5. Bitte mal checken
    Mülltonne - 02.01.2009 (6)
  6. Bitte mal checken!
    Mülltonne - 23.01.2008 (0)
  7. Bitte mal Checken!!!
    Mülltonne - 19.09.2007 (0)
  8. HJT log Bitte checken
    Mülltonne - 07.09.2007 (0)
  9. Bitte Log checken
    Mülltonne - 15.06.2007 (0)
  10. SCVHOST.EXE Log file bitte checken! Bitte um hilfe
    Log-Analyse und Auswertung - 06.06.2007 (8)
  11. Bitte mal checken
    Log-Analyse und Auswertung - 09.11.2006 (1)
  12. Bitte log checken
    Log-Analyse und Auswertung - 29.09.2006 (3)
  13. Bitte log checken
    Mülltonne - 28.09.2006 (1)
  14. Bitte Checken
    Log-Analyse und Auswertung - 20.09.2005 (2)
  15. Bitte Checken!!
    Log-Analyse und Auswertung - 05.09.2005 (4)
  16. Bitte mal checken
    Log-Analyse und Auswertung - 22.04.2005 (4)
  17. bitte log checken
    Log-Analyse und Auswertung - 19.04.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Dropper.gen - OLT Scan bitte checken - Hallo Larusso, ich hab mir auch den TR.Dropper.Gen eingefangen über die Googlebildsuche :-( Ich hab den Antivir-Scan durchlaufen lassen, bin seit heute morgen "virenfrei" Trotzdem traue ich dem Trojaner nicht. - TR/Dropper.gen - OLT Scan bitte checken...
Archiv
Du betrachtest: TR/Dropper.gen - OLT Scan bitte checken auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129