
Pests of all kinds and how to combat them: Spyeyes found & removed by Malwarebytes --> SUFFICIENT?


09.08.2011, 12:00   #1
Leda

Hello everyone,

A few days ago my firewall notified me that the file Systray.exe stub wanted to establish an Internet connection. Since I was suspicious, I blocked it.

After googling Systray.exe stub today and finding that it is apparently malware, I ran a Malwarebytes system scan, as recommended. It promptly found the trojan "Spy Eyes".
Here is the log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7416

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.08.2011 12:06:53
mbam-log-2011-08-09 (12-06-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 308445
Laufzeit: 46 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4Y3Y0C3A9F7XWI5WSGWACA (Rootkit.0Access.XGen) -> Value: 4Y3Y0C3A9F7XWI5WSGWACA -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Recycle.Bin\b6232f3a621.exe (Rootkit.0Access.XGen) -> Quarantined and deleted successfully.
c:\Recycle.Bin\261b38055b9a195 (Trojan.Spyeyes) -> Quarantined and deleted successfully.


According to mbam, the files in question were deleted successfully, and the PC was restarted. I deleted the corresponding files from the "Temp" folder by hand, and they have not reappeared either. In Task Manager, "Systray.exe stub" no longer appears among the processes, and an mbam quick scan looked as follows:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7416

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.08.2011 12:55:44
mbam-log-2011-08-09 (12-55-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168612
Laufzeit: 25 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Is the danger now averted, or are appearances deceptive?!

I'd be glad of any help!

Best regards

09.08.2011, 12:28   #2
Leda

OTL-Log
____
OTL Logfile:
Code:
OTL logfile created on: 8/9/2011 1:08:39 PM - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.16% Memory free
7.60 Gb Paging File | 5.74 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 145.63 Gb Free Space | 81.36% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 238.54 Gb Free Space | 89.46% Space Free | Partition Type: NTFS
Drive E: | 7.46 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: SAWYER | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/08/09 13:07:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011/07/14 00:06:38 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/08 09:31:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/28 13:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/04/21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011/02/18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/10/13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/06/03 13:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/08/09 13:07:46 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
MOD - [2011/02/15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/29 08:55:34 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
MOD - [2009/06/10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009/06/10 23:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/02/15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010/09/22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/07/14 00:06:38 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/04/21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/14 00:06:39 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/14 00:06:39 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/29 12:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2010/12/28 11:05:06 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/28 11:05:06 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 22:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2011/07/12 19:30:10 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/02/15 08:00:32 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\vsdatant.sys -- (Vsdatant)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011/07/30 16:47:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/08 02:40:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/08 02:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/08 02:41:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/07/30 15:01:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/29 11:48:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011/07/12 19:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/07/30 15:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l0cvz8oh.default\extensions
[2011/07/30 15:01:01 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\l0cvz8oh.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011/06/29 09:27:36 | 000,000,943 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\l0cvz8oh.default\searchplugins\conduit.xml
File not found (No name found) -- 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/09 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/08/09 11:15:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/09 11:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/09 11:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/09 11:15:47 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/08/09 11:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/09 10:00:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files
[2011/08/08 18:56:43 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0
[2011/08/08 13:11:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2011/08/08 01:13:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/08/07 19:43:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2011/08/07 19:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/08/07 19:43:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2011/08/03 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011/08/01 00:12:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/07/30 15:00:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit
[2011/07/30 15:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011/07/30 15:00:18 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\windows\SysWow64\vsutil_loc0407.dll
[2011/07/30 14:59:59 | 000,000,000 | ---D | C] -- C:\windows\SysNative\ZoneLabs
[2011/07/29 22:44:29 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\STUDIUM
[2011/07/29 11:57:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint
[2011/07/29 11:57:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit
[2011/07/29 11:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/07/29 11:55:33 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\ZoneLabs
[2011/07/29 11:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011/07/29 11:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/07/29 11:44:33 | 000,000,000 | ---D | C] -- C:\windows\Internet Logs
[2011/07/28 23:32:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{A6153A38-A520-4B79-9161-05F2B7B69AF6}
[2011/07/28 23:32:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{190D38EE-82F9-4E77-83D5-784A2F185880}
[2011/07/28 23:17:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011/07/26 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2011/07/26 22:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011/07/22 21:20:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011/07/22 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2011/07/22 21:17:42 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6
[2011/07/22 21:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/07/22 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2011/07/17 18:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/07/16 22:40:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Studium
[2011/07/12 21:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/07/12 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011/07/12 19:39:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011/07/12 19:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/07/12 19:30:42 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011/07/12 19:30:42 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011/07/12 19:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/07/12 19:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/07/12 19:30:14 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/07/12 19:22:39 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\windows\SysNative\drivers\Lbd.sys
[2011/07/12 19:22:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2011/07/12 19:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/12 19:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/12 19:22:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/07/12 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/07/12 19:17:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2011/07/12 19:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/07/12 19:13:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/09 12:51:52 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/09 12:18:01 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 12:18:01 | 000,013,936 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/09 12:08:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/09 12:08:43 | 4081,635,328 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/09 11:15:52 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/08 19:09:30 | 000,003,945 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2011/08/08 18:56:28 | 001,500,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/08 18:56:28 | 000,654,610 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011/08/08 18:56:28 | 000,616,452 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/08 18:56:28 | 000,130,192 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011/08/08 18:56:28 | 000,106,574 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/05 00:08:56 | 000,000,064 | ---- | M] () -- C:\windows\SysWow64\rp_stats.dat
[2011/08/05 00:08:56 | 000,000,044 | ---- | M] () -- C:\windows\SysWow64\rp_rules.dat
[2011/07/30 16:37:49 | 001,455,243 | ---- | M] () -- C:\Users\***\Documents\b90.wma
[2011/07/30 16:34:50 | 000,503,363 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (8).wma
[2011/07/30 15:01:29 | 000,420,800 | ---- | M] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2011/07/30 15:00:20 | 000,011,954 | ---- | M] () -- C:\windows\SysWow64\vsconfig.xml
[2011/07/30 15:00:20 | 000,001,066 | ---- | M] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk
[2011/07/27 17:37:00 | 000,277,160 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/07/26 23:15:57 | 001,329,523 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (7).wma
[2011/07/26 23:09:37 | 001,342,993 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (6).wma
[2011/07/26 20:34:41 | 000,444,993 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (5).wma
[2011/07/22 21:17:18 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/07/21 17:27:41 | 000,979,303 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (4).wma
[2011/07/21 17:21:40 | 000,965,833 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (3).wma
[2011/07/21 17:20:14 | 000,929,913 | ---- | M] () -- C:\Users\***\Documents\Unbenannt (2).wma
[2011/07/21 17:14:46 | 000,786,233 | ---- | M] () -- C:\Users\***\Documents\Unbenannt.wma
[2011/07/14 00:24:00 | 000,002,461 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk
[2011/07/14 00:21:14 | 003,131,248 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/14 00:06:39 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys
[2011/07/14 00:06:39 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys
[2011/07/12 19:31:02 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/12 19:30:11 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2011/07/12 19:22:40 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/12 19:17:04 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/09 11:15:52 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/09 09:59:57 | 000,000,408 | ---- | C] () -- C:\windows\tasks\Ad-Aware Update (Weekly).job
[2011/08/08 19:09:30 | 000,003,945 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011/07/30 16:37:49 | 001,455,243 | ---- | C] () -- C:\Users\***\Documents\b90.wma
[2011/07/30 16:34:50 | 000,503,363 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (8).wma
[2011/07/30 15:00:20 | 000,001,066 | ---- | C] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk
[2011/07/29 11:56:35 | 000,011,954 | ---- | C] () -- C:\windows\SysWow64\vsconfig.xml
[2011/07/29 11:55:32 | 000,420,800 | ---- | C] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2011/07/26 23:15:57 | 001,329,523 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (7).wma
[2011/07/26 23:09:37 | 001,342,993 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (6).wma
[2011/07/26 22:45:17 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2011/07/26 20:34:41 | 000,444,993 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (5).wma
[2011/07/22 21:17:18 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/07/21 17:27:41 | 000,979,303 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (4).wma
[2011/07/21 17:21:40 | 000,965,833 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (3).wma
[2011/07/21 17:20:14 | 000,929,913 | ---- | C] () -- C:\Users\***\Documents\Unbenannt (2).wma
[2011/07/21 17:14:46 | 000,786,233 | ---- | C] () -- C:\Users\***\Documents\Unbenannt.wma
[2011/07/19 21:37:53 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/07/19 21:37:53 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/07/16 20:01:45 | 000,002,461 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Word Starter 2010.lnk
[2011/07/12 19:31:02 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/07/12 19:22:40 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/12 19:17:04 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/12 19:17:04 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/07 21:58:14 | 003,131,248 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/28 11:05:06 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/12/28 11:05:06 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/11/08 02:19:51 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/11/08 01:40:08 | 000,001,304 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/11/06 04:21:36 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/11/06 04:21:36 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/11/06 04:21:36 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/07/29 11:57:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint
[2011/08/08 19:09:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011/08/09 03:14:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/07/07 21:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011/08/07 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2011/08/09 12:51:52 | 000,000,408 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Update (Weekly).job
[2009/07/14 07:08:49 | 000,024,298 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         