| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Syminstallstub Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.09.2011, 16:03
| #1 |
| |  Syminstallstub Virus? Hallo Leute, ich habe das gleiche Problem wie trilli ein paar Thread vorher: http://www.trojaner-board.de/103163-...t-das-nur.html Bei mir ist es so, dass dieses syminstallstub auf dem Desktop als Icon erscheint, sobald ich den PC starte. Dann verschwindet es und es hat sich "RegistryMechanic" installiert. Eine Suche nach syminstallstub auf dem PC bringt kein Ergebnis, ebenso wie diverse Scans von AntiVir FreeFixer und Adaware. Hier meine Logs: OTL OTL logfile created on: 07.09.2011 16:50:52 - Run 2 OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Heinrich Lohse\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 22,24% Memory free 8,23 Gb Paging File | 4,57 Gb Available in Paging File | 55,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,09 Gb Total Space | 74,39 Gb Free Space | 24,96% Space Free | Partition Type: NTFS Computer Name: LOHSEVILLE | User Name: Heinrich Lohse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.09.07 16:36:50 | 001,896,192 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe PRC - [2011.09.07 16:36:49 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2011.09.07 16:36:48 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe PRC - [2011.09.07 16:23:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe PRC - [2011.08.12 05:15:32 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.08.02 15:36:34 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2011.07.19 13:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe PRC - [2011.07.06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.07.05 18:40:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.02 11:34:35 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2011.06.02 11:34:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.04.28 14:14:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe ========== Modules (No Company Name) ========== MOD - [2011.09.07 16:36:55 | 000,794,640 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll MOD - [2011.09.07 16:17:09 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2011.09.07 16:17:09 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2011.09.07 16:17:08 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll MOD - [2011.09.07 16:17:07 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll MOD - [2011.09.07 16:17:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll MOD - [2011.08.12 05:15:30 | 001,839,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.08.09 21:12:14 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.03.09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.03.09 01:06:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011.02.15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2011.09.07 16:36:48 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.07.05 18:40:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.02 11:34:35 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2011.06.02 11:34:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.05.13 14:40:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.04.28 14:14:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd) DRV:64bit: - [2011.07.14 17:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RzSynapse.sys -- (RzSynapse) DRV:64bit: - [2011.07.05 18:40:44 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.05 18:40:44 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.13 12:44:59 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2011.03.24 14:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzjoystk.sys -- (rzjoystk) DRV:64bit: - [2011.03.24 14:35:36 | 000,007,168 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzhidmap.sys -- (rzhidmap) DRV:64bit: - [2011.03.09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2010.05.15 16:30:50 | 000,453,720 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.14 11:15:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD) DRV - [2011.09.07 16:37:00 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.02.15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz_keyurl_search/?su=" FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.08.24 19:48:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.08.24 19:33:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.17 11:13:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 15:49:49 | 000,000,000 | ---D | M] [2011.03.31 19:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Extensions [2011.09.05 10:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Firefox\Profiles\z9it615i.default\extensions [2011.04.01 14:04:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Firefox\Profiles\z9it615i.default\extensions\battlefieldplay4free@ea.com [2011.08.14 14:54:34 | 000,000,943 | ---- | M] () -- C:\Users\Heinrich Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\z9it615i.default\searchplugins\conduit.xml [2011.08.17 11:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.04.05 14:15:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.17 11:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.08.17 11:13:30 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net () (No name found) -- C:\USERS\HEINRICH LOHSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z9IT615I.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- C:\USERS\HEINRICH LOHSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z9IT615I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.04.03 11:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.12 05:15:34 | 000,126,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.05 14:15:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] File not found O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [SymInstallStub] C:\ProgramData\DivX\Symantec\SymInstallStub.exe (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6477794B-3A43-4818-9C34-0216B2B1BB9A}: DhcpNameServer = 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4c3f5c9f-9596-11e0-abd6-001d7de9a420}\Shell - "" = AutoRun O33 - MountPoints2\{4c3f5c9f-9596-11e0-abd6-001d7de9a420}\Shell\AutoRun\command - "" = F:\autoset.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.07 16:37:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.07 16:33:11 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft [2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2011.09.07 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Malwarebytes [2011.09.07 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\FreeFixer [2011.09.07 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\FreeFixer [2011.09.07 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer [2011.09.07 16:28:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.09.07 16:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.07 16:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.07 16:28:27 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.09.07 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.09.07 16:22:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe [2011.09.07 16:21:44 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx [2011.09.07 16:21:44 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx [2011.09.07 16:21:44 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2011.09.07 16:21:44 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll [2011.09.07 16:21:44 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx [2011.09.07 16:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic [2011.09.07 16:21:43 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2011.09.07 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011.09.07 16:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic [2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\VESA [2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\SOUND [2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\SCENARIO [2011.09.06 11:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\DRIVERS [2011.09.06 11:59:10 | 000,365,056 | R--- | C] (Blizzard Entertainment) -- C:\Program Files\WAR2ED95.EXE [2011.09.06 11:59:10 | 000,023,040 | R--- | C] (Blizzard Entertainment) -- C:\Program Files\SFXED95.EXE [2011.09.06 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft [2011.09.06 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\DATA [2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOSBox-0.63 [2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.63 [2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.63 [2011.09.04 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Desktop\The Settlers7 Demo [2011.09.04 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Registry Mechanic [2011.09.04 11:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.09.03 12:41:12 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\DivX [2011.09.02 14:27:27 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Tropico 4 Demo [2011.09.02 12:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.09.02 12:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2011.09.02 12:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2011.09.02 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\Google [2011.09.02 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2011.09.02 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2011.09.02 12:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011.08.29 14:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2011.08.29 14:52:20 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\DVDVideoSoft [2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\DVDVideoSoft [2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2011.08.29 14:20:34 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Desktop\Studium [2011.08.24 19:33:36 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\ForceField Shared Files [2011.08.24 19:33:32 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\CheckPoint [2011.08.24 19:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2011.08.24 19:32:15 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\Conduit [2011.08.24 19:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit [2011.08.24 19:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2011.08.24 19:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2011.08.24 19:31:34 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll [2011.08.24 19:31:29 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll [2011.08.24 19:30:39 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2011.08.24 19:29:45 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll [2011.08.24 19:29:45 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll [2011.08.24 19:29:28 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll [2011.08.24 19:29:25 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll [2011.08.24 19:29:25 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll [2011.08.24 19:29:23 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll [2011.08.24 19:29:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs [2011.08.24 19:29:22 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll [2011.08.24 19:29:18 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll [2011.08.24 19:28:08 | 000,453,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys [2011.08.24 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2011.08.24 19:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.08.24 19:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2011.08.24 19:27:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2011.08.24 19:27:39 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll [2011.08.24 19:27:39 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll [2011.08.24 19:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.08.24 19:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.08.23 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\THQ [2011.08.22 23:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.08.22 23:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2011.08.22 17:41:13 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Amazon [2011.08.22 17:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2011.08.22 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2011.08.21 14:55:32 | 000,126,976 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2011.08.21 14:55:32 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.08.21 14:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2011.08.21 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2011.08.17 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\Spartan [2011.08.17 12:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios [2011.08.17 12:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2011.08.11 09:31:06 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.08.11 09:31:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.08.11 09:31:06 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.08.11 09:31:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.08.11 09:31:05 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.08.11 09:31:05 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.08.11 09:31:05 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2011.08.11 09:31:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.08.11 09:31:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2011.08.11 09:31:05 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.08.11 09:31:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.08.11 09:30:19 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.08.11 09:30:18 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.08.11 09:29:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.07 16:37:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2011.09.07 16:33:13 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.09.07 16:23:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe [2011.09.07 16:22:15 | 001,591,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.09.07 16:22:15 | 000,682,500 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.09.07 16:22:15 | 000,641,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.09.07 16:22:15 | 000,149,858 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.09.07 16:22:15 | 000,123,288 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.09.07 16:22:12 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job [2011.09.07 16:21:44 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2011.09.07 16:15:44 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.07 16:15:44 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.07 16:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.06 18:23:25 | 000,048,464 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Spanischer Erbfolgekrieg.odt [2011.09.06 12:09:35 | 000,000,000 | ---- | M] () -- C:\Program Files\PHQGHUME.SWP [2011.08.24 19:34:05 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.08.24 19:31:40 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2011.08.24 19:27:50 | 000,001,097 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Spybot - Search & Destroy.lnk [2011.08.21 15:56:29 | 000,079,872 | ---- | M] () -- C:\Users\Heinrich Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.21 15:03:11 | 000,019,202 | ---- | M] () -- C:\Windows\War3Unin.dat [2011.08.21 15:03:11 | 000,001,788 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Warcraft III.lnk [2011.08.21 14:55:32 | 000,126,976 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe [2011.08.21 14:55:32 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2011.08.18 14:36:44 | 000,034,821 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Enzyklopädien MiLa.odt [2011.08.17 11:13:35 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.08.12 20:06:55 | 000,000,025 | ---- | M] () -- C:\Windows\popcinfot.dat [2011.08.12 08:49:45 | 001,570,248 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.08.09 21:12:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.07 16:33:13 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2011.09.07 16:22:12 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job [2011.09.07 16:21:44 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe [2011.09.07 16:21:44 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk [2011.09.06 12:15:59 | 002,629,981 | ---- | C] () -- C:\SC2000.DAT [2011.09.06 12:15:59 | 001,046,112 | ---- | C] () -- C:\SC2000.EXE [2011.09.06 12:15:59 | 000,186,022 | ---- | C] () -- C:\VRF_DLL.EXE [2011.09.06 12:15:59 | 000,096,280 | ---- | C] () -- C:\INSTALL.EXE [2011.09.06 12:15:59 | 000,067,557 | ---- | C] () -- C:\MAXIS.CIM [2011.09.06 12:15:59 | 000,028,967 | ---- | C] () -- C:\VDETECT.EXE [2011.09.06 12:15:59 | 000,027,025 | ---- | C] () -- C:\INFO.EXE [2011.09.06 12:15:59 | 000,024,273 | ---- | C] () -- C:\GM2.BNK [2011.09.06 12:15:59 | 000,023,907 | ---- | C] () -- C:\GM1.BNK [2011.09.06 12:15:59 | 000,015,341 | ---- | C] () -- C:\POSTCARD.CIM [2011.09.06 12:15:59 | 000,010,423 | ---- | C] () -- C:\INSTALL.MXS [2011.09.06 12:15:59 | 000,005,496 | ---- | C] () -- C:\MW_ATIUP.EXE [2011.09.06 12:15:59 | 000,003,137 | ---- | C] () -- C:\AUXDRV.DRV [2011.09.06 12:15:59 | 000,000,347 | ---- | C] () -- C:\SC2000.CFG [2011.09.06 12:15:59 | 000,000,323 | ---- | C] () -- C:\SC2000 [2011.09.06 12:15:59 | 000,000,081 | ---- | C] () -- C:\CHKLIST.MS [2011.09.06 12:09:35 | 000,000,000 | ---- | C] () -- C:\Program Files\PHQGHUME.SWP [2011.09.06 11:59:10 | 000,878,119 | R--- | C] () -- C:\Program Files\WAR.EXE [2011.09.06 11:59:10 | 000,598,533 | R--- | C] () -- C:\Program Files\SETUP.EXE [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE9.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE8.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE7.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE6.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE5.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE4.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE32.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE31.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE30.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE3.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE29.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE28.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE27.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE26.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE25.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE24.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE23.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE22.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE21.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE20.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE2.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE19.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE18.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE17.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE16.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE15.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE14.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE13.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE12.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE11.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE10.SAV [2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE1.SAV [2011.09.06 11:59:10 | 000,168,232 | R--- | C] () -- C:\Program Files\SCREEN00.PCX [2011.09.06 11:59:10 | 000,122,510 | R--- | C] () -- C:\Program Files\ICEBRDGE.PUD [2011.09.06 11:59:10 | 000,122,006 | R--- | C] () -- C:\Program Files\DRAGON.PUD [2011.09.06 11:59:10 | 000,071,902 | R--- | C] () -- C:\Program Files\ALAMO.PUD [2011.09.06 11:59:10 | 000,071,806 | R--- | C] () -- C:\Program Files\LAND_SEA.PUD [2011.09.06 11:59:10 | 000,071,518 | R--- | C] () -- C:\Program Files\ISLANDS.PUD [2011.09.06 11:59:10 | 000,071,486 | R--- | C] () -- C:\Program Files\CHANNEL.PUD [2011.09.06 11:59:10 | 000,037,086 | R--- | C] () -- C:\Program Files\DEATH.PUD [2011.09.06 11:59:10 | 000,018,790 | R--- | C] () -- C:\Program Files\MUTTON.PUD [2011.09.06 11:59:10 | 000,015,360 | R--- | C] () -- C:\Program Files\WAR2ICON.DLL [2011.09.06 11:59:10 | 000,011,264 | R--- | C] () -- C:\Program Files\WAR2EDIT.EXE [2011.09.06 11:59:10 | 000,010,405 | ---- | C] () -- C:\Program Files\UNIVBE.DRV [2011.09.06 11:59:10 | 000,004,279 | R--- | C] () -- C:\Program Files\WAR2.EXE [2011.09.06 11:59:10 | 000,001,454 | R--- | C] () -- C:\Program Files\INSTALL.HST [2011.09.06 11:59:10 | 000,000,967 | R--- | C] () -- C:\Program Files\WAR2.PIF [2011.09.06 11:59:10 | 000,000,967 | R--- | C] () -- C:\Program Files\SETUP.PIF [2011.09.06 11:59:10 | 000,000,967 | ---- | C] () -- C:\Program Files\WAR.PIF [2011.09.06 11:59:10 | 000,000,496 | R--- | C] () -- C:\Program Files\AIP-NL.INI [2011.09.06 11:59:10 | 000,000,417 | R--- | C] () -- C:\Program Files\WAR2.INI [2011.09.06 11:59:10 | 000,000,265 | R--- | C] () -- C:\Program Files\512.GUS [2011.09.06 11:59:10 | 000,000,000 | R--- | C] () -- C:\Program Files\AIBOBHDA.SWP [2011.09.06 11:59:10 | 000,000,000 | ---- | C] () -- C:\Program Files\PHQGHUME.AYL [2011.09.06 11:59:10 | 000,000,000 | ---- | C] () -- C:\Program Files\APCBCDBA.SWP [2011.08.25 11:59:44 | 000,048,464 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Spanischer Erbfolgekrieg.odt [2011.08.24 19:31:36 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml [2011.08.24 19:29:19 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2011.08.24 19:27:50 | 000,001,097 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Spybot - Search & Destroy.lnk [2011.08.21 15:03:11 | 000,001,788 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Warcraft III.lnk [2011.08.21 14:55:32 | 000,019,202 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.08.21 14:55:32 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif [2011.08.13 14:02:05 | 000,034,821 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Enzyklopädien MiLa.odt [2011.06.04 13:55:08 | 000,000,102 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\fusioncache.dat [2011.06.02 11:34:21 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini [2011.05.09 22:12:46 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat [2011.05.02 14:46:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.05.02 14:39:38 | 000,079,872 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.28 21:01:12 | 001,570,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.14 19:32:35 | 000,083,856 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.04.02 21:30:10 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.04.02 21:30:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.03.31 21:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.31 20:28:23 | 000,000,552 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\d3d8caps.dat [2011.03.31 20:23:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2011.03.31 20:23:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2011.03.31 20:22:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2011.03.31 20:22:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2011.03.31 19:54:16 | 000,000,732 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\d3d9caps64.dat [2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== Alternate Data Streams ========== @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP  1B5B4F1< End of report > MalWare kommt gleich noch nach. |
|
07.09.2011, 20:21
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Syminstallstub Virus? Das ist aber kein OTL-CustomScan!!
__________________
__________________ |
|
| Themen zu Syminstallstub Virus? |
| .com, ad-aware, adobe, alternate, antivir, autorun, avira, bho, checkpoint, defender, desktop, device driver, explorer, firefox, format, google, helper, home, logfile, mozilla, plug-in, problem, realtek, safer networking, security, software, symantec, usb, version=1.0, virus, vista |
Linear-Darstellung
