
Pests of all kinds and how to fight them: Syminstallstub Virus?


07.09.2011, 16:03   #1
IbrahimGaunt
 

Syminstallstub Virus?



Hello everyone,

I have the same problem as trilli a few threads earlier:
http://www.trojaner-board.de/103163-...t-das-nur.html

In my case, this syminstallstub appears as an icon on the desktop as soon as I start the PC. Then it disappears, and "RegistryMechanic" has installed itself. A search for syminstallstub on the PC returns nothing, and neither do various scans with AntiVir, FreeFixer and Adaware.

Here are my logs:

OTL

OTL logfile created on: 07.09.2011 16:50:52 - Run 2
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Heinrich Lohse\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 0,89 Gb Available Physical Memory | 22,24% Memory free
8,23 Gb Paging File | 4,57 Gb Available in Paging File | 55,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 74,39 Gb Free Space | 24,96% Space Free | Partition Type: NTFS

Computer Name: LOHSEVILLE | User Name: Heinrich Lohse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.07 16:36:50 | 001,896,192 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2011.09.07 16:36:49 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.09.07 16:36:48 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.09.07 16:23:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe
PRC - [2011.08.12 05:15:32 | 000,917,504 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.08.02 15:36:34 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.07.19 13:37:16 | 000,978,840 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe
PRC - [2011.07.06 19:52:38 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.07.05 18:40:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.02 11:34:35 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011.06.02 11:34:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.04.28 14:14:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.07 16:36:55 | 000,794,640 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\PrivacyClean.dll
MOD - [2011.09.07 16:17:09 | 014,407,976 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011.09.07 16:17:09 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011.09.07 16:17:08 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011.09.07 16:17:07 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011.09.07 16:17:02 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2011.08.12 05:15:30 | 001,839,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.08.09 21:12:14 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.03.09 06:53:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.03.09 01:06:44 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.02.15 17:26:18 | 000,822,264 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2011.09.07 16:36:48 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.07.05 18:40:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.02 11:34:35 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.06.02 11:34:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.05.13 14:40:38 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.28 14:14:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010.10.01 13:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.07.14 17:18:52 | 000,157,184 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2011.07.05 18:40:44 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.05 18:40:44 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.13 12:44:59 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.24 14:35:36 | 000,019,968 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzjoystk.sys -- (rzjoystk)
DRV:64bit: - [2011.03.24 14:35:36 | 000,007,168 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rzhidmap.sys -- (rzhidmap)
DRV:64bit: - [2011.03.09 11:22:42 | 009,258,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.09 06:17:42 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.05.15 16:30:50 | 000,453,720 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.14 11:15:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.06.29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006.10.10 04:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV - [2011.09.07 16:37:00 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011.02.15 17:25:38 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.gmx.net/br/moz_keyurl_search/?su="
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2011.08.24 19:48:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011.08.24 19:33:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.17 11:13:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.30 15:49:49 | 000,000,000 | ---D | M]

[2011.03.31 19:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Extensions
[2011.09.05 10:21:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Firefox\Profiles\z9it615i.default\extensions
[2011.04.01 14:04:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Heinrich Lohse\AppData\Roaming\mozilla\Firefox\Profiles\z9it615i.default\extensions\battlefieldplay4free@ea.com
[2011.08.14 14:54:34 | 000,000,943 | ---- | M] () -- C:\Users\Heinrich Lohse\AppData\Roaming\Mozilla\Firefox\Profiles\z9it615i.default\searchplugins\conduit.xml
[2011.08.17 11:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.05 14:15:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.17 11:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.08.17 11:13:30 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
() (No name found) -- C:\USERS\HEINRICH LOHSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z9IT615I.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\HEINRICH LOHSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z9IT615I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.04.03 11:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.08.12 05:15:34 | 000,126,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.05 14:15:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] File not found
O4 - HKLM..\Run: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SymInstallStub] C:\ProgramData\DivX\Symantec\SymInstallStub.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6477794B-3A43-4818-9C34-0216B2B1BB9A}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c3f5c9f-9596-11e0-abd6-001d7de9a420}\Shell - "" = AutoRun
O33 - MountPoints2\{4c3f5c9f-9596-11e0-abd6-001d7de9a420}\Shell\AutoRun\command - "" = F:\autoset.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.09.07 16:37:01 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.07 16:33:11 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.09.07 16:33:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.09.07 16:31:40 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Malwarebytes
[2011.09.07 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\FreeFixer
[2011.09.07 16:29:54 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\FreeFixer
[2011.09.07 16:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer
[2011.09.07 16:28:32 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.07 16:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.07 16:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.07 16:28:27 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.07 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.07 16:22:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe
[2011.09.07 16:21:44 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011.09.07 16:21:44 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011.09.07 16:21:44 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011.09.07 16:21:44 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011.09.07 16:21:44 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011.09.07 16:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Mechanic
[2011.09.07 16:21:43 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2011.09.07 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.09.07 16:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\VESA
[2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\SOUND
[2011.09.06 12:15:59 | 000,000,000 | ---D | C] -- C:\SCENARIO
[2011.09.06 11:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\DRIVERS
[2011.09.06 11:59:10 | 000,365,056 | R--- | C] (Blizzard Entertainment) -- C:\Program Files\WAR2ED95.EXE
[2011.09.06 11:59:10 | 000,023,040 | R--- | C] (Blizzard Entertainment) -- C:\Program Files\SFXED95.EXE
[2011.09.06 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft
[2011.09.06 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\DATA
[2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DOSBox-0.63
[2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.63
[2011.09.06 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.63
[2011.09.04 15:42:04 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Desktop\The Settlers7 Demo
[2011.09.04 11:07:49 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Registry Mechanic
[2011.09.04 11:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.09.03 12:41:12 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\DivX
[2011.09.02 14:27:27 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Tropico 4 Demo
[2011.09.02 12:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.09.02 12:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.09.02 12:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011.09.02 12:43:14 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\Google
[2011.09.02 12:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.09.02 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.09.02 12:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.08.29 14:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.08.29 14:52:20 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\DVDVideoSoft
[2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\DVDVideoSoft
[2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.08.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.08.29 14:20:34 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Desktop\Studium
[2011.08.24 19:33:36 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\ForceField Shared Files
[2011.08.24 19:33:32 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\CheckPoint
[2011.08.24 19:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011.08.24 19:32:15 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\Conduit
[2011.08.24 19:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit
[2011.08.24 19:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011.08.24 19:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2011.08.24 19:31:34 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2011.08.24 19:31:29 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2011.08.24 19:30:39 | 000,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2011.08.24 19:29:45 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2011.08.24 19:29:45 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2011.08.24 19:29:28 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2011.08.24 19:29:25 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2011.08.24 19:29:25 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2011.08.24 19:29:23 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2011.08.24 19:29:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2011.08.24 19:29:22 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2011.08.24 19:29:18 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2011.08.24 19:28:08 | 000,453,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2011.08.24 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011.08.24 19:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.08.24 19:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011.08.24 19:27:41 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.08.24 19:27:39 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2011.08.24 19:27:39 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2011.08.24 19:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.08.24 19:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.08.23 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Local\THQ
[2011.08.22 23:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.08.22 23:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.08.22 17:41:13 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Amazon
[2011.08.22 17:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.08.22 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2011.08.21 14:55:32 | 000,126,976 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.08.21 14:55:32 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2011.08.21 14:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2011.08.21 14:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2011.08.17 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\Heinrich Lohse\Documents\Spartan
[2011.08.17 12:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Studios
[2011.08.17 12:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2011.08.11 09:31:06 | 000,759,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.08.11 09:31:06 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.08.11 09:31:06 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.08.11 09:31:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.08.11 09:31:05 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.08.11 09:31:05 | 000,485,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.08.11 09:31:05 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.08.11 09:31:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.08.11 09:31:05 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.08.11 09:31:05 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.08.11 09:31:05 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.08.11 09:30:19 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.08.11 09:30:18 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.08.11 09:29:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.09.07 16:37:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.07 16:33:13 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.07 16:23:01 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Heinrich Lohse\Desktop\OTL.exe
[2011.09.07 16:22:15 | 001,591,178 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.07 16:22:15 | 000,682,500 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.07 16:22:15 | 000,641,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.07 16:22:15 | 000,149,858 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.07 16:22:15 | 000,123,288 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.07 16:22:12 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2011.09.07 16:21:44 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011.09.07 16:15:44 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.07 16:15:44 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.07 16:15:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.06 18:23:25 | 000,048,464 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Spanischer Erbfolgekrieg.odt
[2011.09.06 12:09:35 | 000,000,000 | ---- | M] () -- C:\Program Files\PHQGHUME.SWP
[2011.08.24 19:34:05 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.08.24 19:31:40 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2011.08.24 19:27:50 | 000,001,097 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Spybot - Search & Destroy.lnk
[2011.08.21 15:56:29 | 000,079,872 | ---- | M] () -- C:\Users\Heinrich Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.21 15:03:11 | 000,019,202 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011.08.21 15:03:11 | 000,001,788 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Warcraft III.lnk
[2011.08.21 14:55:32 | 000,126,976 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.08.21 14:55:32 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.08.18 14:36:44 | 000,034,821 | ---- | M] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Enzyklopädien MiLa.odt
[2011.08.17 11:13:35 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.08.12 20:06:55 | 000,000,025 | ---- | M] () -- C:\Windows\popcinfot.dat
[2011.08.12 08:49:45 | 001,570,248 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.09 21:12:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.09.07 16:33:13 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.07 16:22:12 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011.09.07 16:21:44 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011.09.07 16:21:44 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2011.09.06 12:15:59 | 002,629,981 | ---- | C] () -- C:\SC2000.DAT
[2011.09.06 12:15:59 | 001,046,112 | ---- | C] () -- C:\SC2000.EXE
[2011.09.06 12:15:59 | 000,186,022 | ---- | C] () -- C:\VRF_DLL.EXE
[2011.09.06 12:15:59 | 000,096,280 | ---- | C] () -- C:\INSTALL.EXE
[2011.09.06 12:15:59 | 000,067,557 | ---- | C] () -- C:\MAXIS.CIM
[2011.09.06 12:15:59 | 000,028,967 | ---- | C] () -- C:\VDETECT.EXE
[2011.09.06 12:15:59 | 000,027,025 | ---- | C] () -- C:\INFO.EXE
[2011.09.06 12:15:59 | 000,024,273 | ---- | C] () -- C:\GM2.BNK
[2011.09.06 12:15:59 | 000,023,907 | ---- | C] () -- C:\GM1.BNK
[2011.09.06 12:15:59 | 000,015,341 | ---- | C] () -- C:\POSTCARD.CIM
[2011.09.06 12:15:59 | 000,010,423 | ---- | C] () -- C:\INSTALL.MXS
[2011.09.06 12:15:59 | 000,005,496 | ---- | C] () -- C:\MW_ATIUP.EXE
[2011.09.06 12:15:59 | 000,003,137 | ---- | C] () -- C:\AUXDRV.DRV
[2011.09.06 12:15:59 | 000,000,347 | ---- | C] () -- C:\SC2000.CFG
[2011.09.06 12:15:59 | 000,000,323 | ---- | C] () -- C:\SC2000
[2011.09.06 12:15:59 | 000,000,081 | ---- | C] () -- C:\CHKLIST.MS
[2011.09.06 12:09:35 | 000,000,000 | ---- | C] () -- C:\Program Files\PHQGHUME.SWP
[2011.09.06 11:59:10 | 000,878,119 | R--- | C] () -- C:\Program Files\WAR.EXE
[2011.09.06 11:59:10 | 000,598,533 | R--- | C] () -- C:\Program Files\SETUP.EXE
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE9.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE8.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE7.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE6.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE5.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE4.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE32.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE31.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE30.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE3.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE29.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE28.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE27.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE26.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE25.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE24.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE23.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE22.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE21.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE20.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE2.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE19.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE18.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE17.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE16.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE15.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE14.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE13.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE12.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE11.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE10.SAV
[2011.09.06 11:59:10 | 000,383,294 | ---- | C] () -- C:\Program Files\SAVE1.SAV
[2011.09.06 11:59:10 | 000,168,232 | R--- | C] () -- C:\Program Files\SCREEN00.PCX
[2011.09.06 11:59:10 | 000,122,510 | R--- | C] () -- C:\Program Files\ICEBRDGE.PUD
[2011.09.06 11:59:10 | 000,122,006 | R--- | C] () -- C:\Program Files\DRAGON.PUD
[2011.09.06 11:59:10 | 000,071,902 | R--- | C] () -- C:\Program Files\ALAMO.PUD
[2011.09.06 11:59:10 | 000,071,806 | R--- | C] () -- C:\Program Files\LAND_SEA.PUD
[2011.09.06 11:59:10 | 000,071,518 | R--- | C] () -- C:\Program Files\ISLANDS.PUD
[2011.09.06 11:59:10 | 000,071,486 | R--- | C] () -- C:\Program Files\CHANNEL.PUD
[2011.09.06 11:59:10 | 000,037,086 | R--- | C] () -- C:\Program Files\DEATH.PUD
[2011.09.06 11:59:10 | 000,018,790 | R--- | C] () -- C:\Program Files\MUTTON.PUD
[2011.09.06 11:59:10 | 000,015,360 | R--- | C] () -- C:\Program Files\WAR2ICON.DLL
[2011.09.06 11:59:10 | 000,011,264 | R--- | C] () -- C:\Program Files\WAR2EDIT.EXE
[2011.09.06 11:59:10 | 000,010,405 | ---- | C] () -- C:\Program Files\UNIVBE.DRV
[2011.09.06 11:59:10 | 000,004,279 | R--- | C] () -- C:\Program Files\WAR2.EXE
[2011.09.06 11:59:10 | 000,001,454 | R--- | C] () -- C:\Program Files\INSTALL.HST
[2011.09.06 11:59:10 | 000,000,967 | R--- | C] () -- C:\Program Files\WAR2.PIF
[2011.09.06 11:59:10 | 000,000,967 | R--- | C] () -- C:\Program Files\SETUP.PIF
[2011.09.06 11:59:10 | 000,000,967 | ---- | C] () -- C:\Program Files\WAR.PIF
[2011.09.06 11:59:10 | 000,000,496 | R--- | C] () -- C:\Program Files\AIP-NL.INI
[2011.09.06 11:59:10 | 000,000,417 | R--- | C] () -- C:\Program Files\WAR2.INI
[2011.09.06 11:59:10 | 000,000,265 | R--- | C] () -- C:\Program Files\512.GUS
[2011.09.06 11:59:10 | 000,000,000 | R--- | C] () -- C:\Program Files\AIBOBHDA.SWP
[2011.09.06 11:59:10 | 000,000,000 | ---- | C] () -- C:\Program Files\PHQGHUME.AYL
[2011.09.06 11:59:10 | 000,000,000 | ---- | C] () -- C:\Program Files\APCBCDBA.SWP
[2011.08.25 11:59:44 | 000,048,464 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Spanischer Erbfolgekrieg.odt
[2011.08.24 19:31:36 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2011.08.24 19:29:19 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2011.08.24 19:27:50 | 000,001,097 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Spybot - Search & Destroy.lnk
[2011.08.21 15:03:11 | 000,001,788 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Warcraft III.lnk
[2011.08.21 14:55:32 | 000,019,202 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.08.21 14:55:32 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2011.08.13 14:02:05 | 000,034,821 | ---- | C] () -- C:\Users\Heinrich Lohse\Desktop\Hausarbeit Enzyklopädien MiLa.odt
[2011.06.04 13:55:08 | 000,000,102 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\fusioncache.dat
[2011.06.02 11:34:21 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2011.05.09 22:12:46 | 000,000,025 | ---- | C] () -- C:\Windows\popcinfot.dat
[2011.05.02 14:46:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.05.02 14:39:38 | 000,079,872 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 21:01:12 | 001,570,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.14 19:32:35 | 000,083,856 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.02 21:30:10 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.04.02 21:30:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.31 21:42:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.31 20:28:23 | 000,000,552 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\d3d8caps.dat
[2011.03.31 20:23:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.03.31 20:23:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.31 20:22:42 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.31 20:22:42 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.03.31 19:54:16 | 000,000,732 | ---- | C] () -- C:\Users\Heinrich Lohse\AppData\Local\d3d9caps64.dat
[2011.03.21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.01.13 05:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >


MalWare will follow shortly.
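
As an added example for readers who have to triage a report like the one above (this is not code from OTL, OldTimer or the poster), here is a small Python parser for OTL's file-list lines plus a first-pass filter over them. The line format is taken from the report above; the filter rule (files with an empty company field and an executable-type extension, written into a system directory or straight into the drive root within the scan window), the 30-day cutoff date and the SYSTEM_DIRS list are my own assumptions, and the sample lines are a constructed subset copied from the report above. What it flags is a reading list, not a verdict: the entries in the drive root and under C:\Program Files that it lists look, judging by their names, like old DOS-era game installs, while CleanMFT64.exe and the RMSchedule.job task were created at the same moment as the Registry Mechanic shortcut the poster mentions and are the ones worth checking first.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file-list line, as printed in the "Files Created"/"Files Modified" sections:
#   [2011.09.07 16:21:44 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
# Directory lines carry no "(company)" group:
#   [2011.08.24 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# The "Alternate Data Streams" section uses a different line shape.
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Locations where an unsigned drop deserves a second look (my assumption, not an OTL rule).
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\programdata\\")
EXEC_EXTS = (".exe", ".dll", ".sys", ".cpl", ".job")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str      # four attribute flags, e.g. "---D", "-H--", "R---"
    op: str         # "C" = created, "M" = modified
    company: str    # empty when OTL printed "()"
    path: str
    is_dir: bool


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-list line; return None for lines of any other shape."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=m["company"] or "",
        path=m["path"],
        is_dir="D" in m["attrs"],
    )


def parse_otl_report(text: str) -> Tuple[List[OtlEntry], List[Tuple[str, int]]]:
    """Split a report into file entries and (path, bytes) alternate data streams."""
    entries, streams = [], []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            entries.append(entry)
            continue
        m = ADS_LINE.match(line.strip())
        if m:
            streams.append((m["path"], int(m["bytes"])))
    return entries, streams


def flag_for_triage(entries: List[OtlEntry], since: datetime) -> List[str]:
    """First-pass filter: executable-type files with no company name, written since
    `since` into a system directory or straight into the drive root."""
    flagged = []
    for e in entries:
        if e.is_dir or e.timestamp < since:
            continue
        p = e.path.lower()
        in_root = p.startswith("c:\\") and p.count("\\") == 1   # e.g. C:\INSTALL.EXE
        in_sys = p.startswith(SYSTEM_DIRS)
        if e.company == "" and p.endswith(EXEC_EXTS) and (in_root or in_sys):
            flagged.append(e.path)
    return flagged


# Sample input: a constructed subset of lines copied from the OTL report above.
SAMPLE_LOG = r"""
[2011.09.07 16:37:00 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.09.07 16:22:12 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2011.09.07 16:21:44 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2011.09.06 12:15:59 | 000,096,280 | ---- | C] () -- C:\INSTALL.EXE
[2011.09.06 11:59:10 | 000,004,279 | R--- | C] () -- C:\Program Files\WAR2.EXE
[2011.08.24 19:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2011.08.11 09:29:54 | 004,699,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
"""

# Scan date of the report above minus 30 days (assumed cutoff).
SCAN_WINDOW_START = datetime(2011, 8, 8)


def triage_sample() -> List[str]:
    entries, _ = parse_otl_report(SAMPLE_LOG)
    return flag_for_triage(entries, SCAN_WINDOW_START)


def sample_streams() -> List[Tuple[str, int]]:
    return parse_otl_report(SAMPLE_LOG)[1]


if __name__ == "__main__":
    for path in triage_sample():
        print("review:", path)
    for path, size in sample_streams():
        print(f"ADS: {path} ({size} bytes)")
```

Run on the full report, the same filter would also surface the other no-company files under C:\ and C:\Program Files; widen EXEC_EXTS or SYSTEM_DIRS to taste, and treat a hit as a reason to check the file's signature and hash, not as a detection.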

07.09.2011, 20:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
But that isn't an OTL CustomScan!!