Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Follow-up check after cleaning the system from AV Security Suite (https://www.trojaner-board.de/88022-nachkontrolle-systemreinigung-av-security-suite.html)

Glasbrecher 11.07.2010 20:31

Follow-up check after cleaning the system from AV Security Suite
 
I caught the lovely AV Security Suite ( www. trojaner-board. de/86690-av-security-suite-entfernen.html ).
I have cleaned the machine as far as possible, and there were no problems either, but I want to be on the safe side and would ask you to take a look over it:

HijackThis:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:11, on 11.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
d:\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7796 bytes

What worries me a bit is this:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
It is shown as malicious, but I don't know whether the whole thing is due to the HJT 64-bit conflict.



CCleaner: no errors found
Antivir: clean
Spybot: clean

Malwarebytes:
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4302

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.07.2010 21:10:43
mbam-log-2010-07-11 (21-10-43).txt

Scan type: Full scan (C:\|D:\|F:\|G:\|)
Objects scanned: 472198
Time elapsed: 1 hour(s), 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL: (some "old junk", otherwise I can't see anything there)
Code:

OTL logfile created on: 11.07.2010 21:12:38 - Run 2
OTL by OldTimer - Version 3.2.9.0    Folder = c:\Users\\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free
14,00 Gb Paging File | 11,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 10240 10240 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 39,68 Gb Free Space | 26,63% Space Free | Partition Type: NTFS
Drive D: | 136,35 Gb Total Space | 26,59 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149,04 Gb Total Space | 41,57 Gb Free Space | 27,89% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 21,40 Gb Free Space | 14,36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Current User Name:
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\\Downloads\OTL.exe (OldTimer Tools)
PRC - d:\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - d:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe File not found
SRV:64bit: - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys ()
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..network.proxy.backup.ftp: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "88.198.9.119"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "88.198.9.119"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.198.9.119"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "88.198.9.119"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: d:\Mozilla Firefox\components [2010.07.01 16:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: d:\Mozilla Firefox\plugins [2010.07.03 16:07:06 | 000,000,000 | ---D | M]
 
[2009.10.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Extensions
[2010.07.11 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions
[2010.05.23 00:23:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 11:43:53 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.04.23 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\firefox@tvunetworks.com
[2010.07.07 01:01:38 | 000,002,454 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\zapiwtzy.default\searchplugins\google-deutschland.xml
 
O1 HOSTS File: ([2010.07.11 19:28:55 | 000,411,917 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14236 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{098edccb-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccb-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{098edccc-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccc-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{098edccd-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccd-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014365-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014365-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014366-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014366-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014367-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014367-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = L:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{448974d6-1a84-11df-a2ef-91127490b59e}\Shell - "" = AutoRun
O33 - MountPoints2\{448974d6-1a84-11df-a2ef-91127490b59e}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{4a2682d4-c0e9-11de-952a-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2682d4-c0e9-11de-952a-90e6ba4ddac4}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O33 - MountPoints2\{6d0ce6b0-c875-11de-8405-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6b0-c875-11de-8405-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{6d0ce6bc-c875-11de-8405-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6bc-c875-11de-8405-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{6d0ce6de-c875-11de-8405-bf6e29ff32a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6de-c875-11de-8405-bf6e29ff32a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d0ce6e0-c875-11de-8405-bf6e29ff32a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6e0-c875-11de-8405-bf6e29ff32a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d261105-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d261105-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26110c-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26110c-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d261122-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{6d261131-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d261131-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26113e-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26113e-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26114c-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26114c-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8919b143-d9cb-11de-b984-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{8919b143-d9cb-11de-b984-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8919b145-d9cb-11de-b984-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{8919b145-d9cb-11de-b984-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{93919431-c1f6-11de-8443-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{93919431-c1f6-11de-8443-90e6ba4ddac4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{93919433-c1f6-11de-8443-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{93919433-c1f6-11de-8443-90e6ba4ddac4}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{f149e862-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e862-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e863-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e863-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e864-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e864-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e874-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e874-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e875-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e875-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e89e-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e89e-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a1-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a1-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a3-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a3-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a5-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a5-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010.07.11 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.07.11 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2010.07.11 17:20:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.11 17:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.11 17:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.11 16:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.07.10 00:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.07.08 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\\Documents\GUILD WARS
[2010.07.08 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Abelssoft
[2010.07.08 16:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.07.08 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\DOSBox
[2010.07.08 15:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2010.07.08 15:41:09 | 000,000,000 | ---D | C] -- C:\madtv
[2010.07.07 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IndustrieGigant 2
[2010.07.06 21:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro - Kopie
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2010.07.11 21:13:25 | 008,126,464 | -HS- | M] () -- C:\Users\\NTUSER.DAT
[2010.07.11 19:51:01 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.11 19:51:01 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.11 19:51:01 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.11 19:51:01 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.11 19:51:01 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.11 19:47:53 | 000,120,357 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.11 19:47:21 | 000,101,272 | ---- | M] () -- C:\Users\\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.11 19:46:48 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\WashAndGo EasyClean Logon.job
[2010.07.11 19:46:32 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010.07.11 19:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 19:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 19:46:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.11 19:46:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.11 19:46:19 | 4294,234,112 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.11 19:40:32 | 000,012,288 | ---- | M] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 19:28:55 | 000,411,917 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.11 19:21:44 | 000,000,853 | ---- | M] () -- C:\Users\\Desktop\CCleaner.lnk
[2010.07.11 19:13:01 | 000,411,917 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100711-192855.backup
[2010.07.11 17:20:15 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 16:34:08 | 000,001,935 | ---- | M] () -- C:\Users\\Desktop\HijackThis.lnk
[2010.07.11 11:30:26 | 000,120,357 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.11 11:24:19 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WashAndGo EasyClean.job
[2010.07.11 00:32:19 | 000,001,926 | ---- | M] () -- C:\Users\\Desktop\IndustrieGigant 2.lnk
[2010.07.10 23:35:38 | 000,000,810 | ---- | M] () -- C:\Users\\Documents\aionmemo_a14522e5.dat
[2010.07.09 23:54:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.09 23:54:12 | 004,147,983 | -H-- | M] () -- C:\Users\\AppData\Local\IconCache.db
[2010.07.08 18:47:01 | 000,374,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.08 18:45:58 | 000,524,288 | -HS- | M] () -- C:\Users\\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.07.08 18:45:58 | 000,065,536 | -HS- | M] () -- C:\Users\\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.07.08 18:34:18 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.08 18:21:24 | 000,001,767 | ---- | M] () -- C:\Users\\Desktop\1-Klick-EasyClean starten.lnk
[2010.07.08 18:21:24 | 000,001,747 | ---- | M] () -- C:\Users\\Desktop\WashAndGo.lnk
[2010.07.08 15:50:12 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.11 19:37:47 | 000,012,288 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 19:21:44 | 000,000,853 | ---- | C] () -- C:\Users\\Desktop\CCleaner.lnk
[2010.07.11 17:20:15 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 17:20:09 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.11 16:33:57 | 000,001,935 | ---- | C] () -- C:\Users\\Desktop\HijackThis.lnk
[2010.07.11 00:32:19 | 000,001,926 | ---- | C] () -- C:\Users\\Desktop\IndustrieGigant 2.lnk
[2010.07.08 18:49:48 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\WashAndGo EasyClean Logon.job
[2010.07.08 18:49:48 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\WashAndGo EasyClean.job
[2010.07.08 15:50:12 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010.05.10 00:39:31 | 000,000,255 | ---- | C] () -- C:\Windows\game.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.19 20:33:46 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.01.19 20:33:46 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.12.11 21:12:35 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2009.10.24 20:19:35 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.09.22 02:27:58 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2009.09.22 02:27:58 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2009.09.22 02:26:55 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.09.22 02:26:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.04.30 04:22:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D06A4C76
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >


Thanks in advance

cosinus 12.07.2010 18:15

Hello,

Were there any more logs from Malwarebytes, or did it really not find anything?

Glasbrecher 12.07.2010 18:28

I ran the log after the cleanup, since I had killed/deleted/corrected the processes, files and registry entries by hand beforehand (and I had not run a scan before that either).

I myself did not have the typical problem of AVSS fighting back.



Copyright ©2000-2025, Trojaner-Board

