Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Nachkontrolle Systemreinigung nach AV Security Suite

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.07.2010, 20:31   #1
Glasbrecher
 
Nachkontrolle Systemreinigung nach AV Security Suite - Standard

Nachkontrolle Systemreinigung nach AV Security Suite



Hatte mir den schönen AV Security Suite ( www. trojaner-board. de/86690-av-security-suite-entfernen.html ) eingefangen.
Rechner habe ich soweit wie möglich gecleaned, gab auch keine Probleme, möchte da aber auf Nummer Sicher gehen und bitte euch mal drüber zu kucken:

Hijack this:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:11, on 11.07.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\ASScrPro.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
d:\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7796 bytes
         
sorgen mach ich mir ein wenig hier:
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing)
wird als schädlich angezeit, weiß aber nicht ob das ganze auf den HJT-64Bit Koflikt zurückzuführen ist.



CCleaner: Keine Fehler gefunden
Antivir: clean
Spybot: clean

Malwarebytes:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4302

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11.07.2010 21:10:43
mbam-log-2010-07-11 (21-10-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 472198
Laufzeit: 1 Stunde(n), 6 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
OTL: (einiger "Altersschrott", ansonstens kann ich da Nichts sehen)
Code:
ATTFilter
OTL logfile created on: 11.07.2010 21:12:38 - Run 2
OTL by OldTimer - Version 3.2.9.0     Folder = c:\Users\\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free
14,00 Gb Paging File | 11,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 10240 10240 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 39,68 Gb Free Space | 26,63% Space Free | Partition Type: NTFS
Drive D: | 136,35 Gb Total Space | 26,59 Gb Free Space | 19,50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 149,04 Gb Total Space | 41,57 Gb Free Space | 27,89% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 21,40 Gb Free Space | 14,36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
Current User Name: 
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\\Downloads\OTL.exe (OldTimer Tools)
PRC - d:\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - d:\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\ASScrPro.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe File not found
SRV:64bit: - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys ()
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys ()
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..network.proxy.backup.ftp: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "152.189.42.120.35"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "88.198.9.119"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "88.198.9.119"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "88.198.9.119"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "88.198.9.119"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: d:\Mozilla Firefox\components [2010.07.01 16:33:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: d:\Mozilla Firefox\plugins [2010.07.03 16:07:06 | 000,000,000 | ---D | M]
 
[2009.10.28 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Extensions
[2010.07.11 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions
[2010.05.23 00:23:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 11:43:53 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.04.23 18:53:02 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\mozilla\Firefox\Profiles\zapiwtzy.default\extensions\firefox@tvunetworks.com
[2010.07.07 01:01:38 | 000,002,454 | ---- | M] () -- C:\Users\\AppData\Roaming\Mozilla\FireFox\Profiles\zapiwtzy.default\searchplugins\google-deutschland.xml
 
O1 HOSTS File: ([2010.07.11 19:28:55 | 000,411,917 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14236 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-201935087-3292007685-2109191542-1000\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{098edccb-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccb-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{098edccc-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccc-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{098edccd-d7f8-11de-89e2-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{098edccd-d7f8-11de-89e2-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014365-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014365-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014366-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014366-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{2a014367-da4d-11de-97b6-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{2a014367-da4d-11de-97b6-90e6ba4ddac4}\Shell\AutoRun\command - "" = L:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{448974d6-1a84-11df-a2ef-91127490b59e}\Shell - "" = AutoRun
O33 - MountPoints2\{448974d6-1a84-11df-a2ef-91127490b59e}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O33 - MountPoints2\{4a2682d4-c0e9-11de-952a-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2682d4-c0e9-11de-952a-90e6ba4ddac4}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O33 - MountPoints2\{6d0ce6b0-c875-11de-8405-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6b0-c875-11de-8405-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{6d0ce6bc-c875-11de-8405-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6bc-c875-11de-8405-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{6d0ce6de-c875-11de-8405-bf6e29ff32a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6de-c875-11de-8405-bf6e29ff32a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d0ce6e0-c875-11de-8405-bf6e29ff32a3}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0ce6e0-c875-11de-8405-bf6e29ff32a3}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d261105-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d261105-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26110c-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26110c-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d261122-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{6d261131-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d261131-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26113e-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26113e-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{6d26114c-c6d8-11de-8dca-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{6d26114c-c6d8-11de-8dca-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8919b143-d9cb-11de-b984-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{8919b143-d9cb-11de-b984-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{8919b145-d9cb-11de-b984-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{8919b145-d9cb-11de-b984-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{93919431-c1f6-11de-8443-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{93919431-c1f6-11de-8443-90e6ba4ddac4}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- File not found
O33 - MountPoints2\{93919433-c1f6-11de-8443-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{93919433-c1f6-11de-8443-90e6ba4ddac4}\Shell\AutoRun\command - "" = K:\AutoRun.exe -- File not found
O33 - MountPoints2\{f149e862-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e862-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e863-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e863-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e864-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e864-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e874-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e874-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e875-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e875-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e89e-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e89e-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a1-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a1-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a3-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a3-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{f149e8a5-cd11-11de-bc8d-90e6ba4ddac4}\Shell - "" = AutoRun
O33 - MountPoints2\{f149e8a5-cd11-11de-bc8d-90e6ba4ddac4}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 7 Days ==========
 
[2010.07.11 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.07.11 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes
[2010.07.11 17:20:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.11 17:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.11 17:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.11 16:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.07.10 00:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.07.08 22:38:23 | 000,000,000 | ---D | C] -- C:\Users\\Documents\GUILD WARS
[2010.07.08 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\Abelssoft
[2010.07.08 16:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.07.08 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\DOSBox
[2010.07.08 15:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74
[2010.07.08 15:41:09 | 000,000,000 | ---D | C] -- C:\madtv
[2010.07.07 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IndustrieGigant 2
[2010.07.06 21:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro - Kopie
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 7 Days ==========
 
[2010.07.11 21:13:25 | 008,126,464 | -HS- | M] () -- C:\Users\\NTUSER.DAT
[2010.07.11 19:51:01 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.11 19:51:01 | 000,618,442 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.11 19:51:01 | 000,587,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.11 19:51:01 | 000,122,842 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.11 19:51:01 | 000,101,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.11 19:47:53 | 000,120,357 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.07.11 19:47:21 | 000,101,272 | ---- | M] () -- C:\Users\\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.11 19:46:48 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\WashAndGo EasyClean Logon.job
[2010.07.11 19:46:32 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2010.07.11 19:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 19:46:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 19:46:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.11 19:46:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.11 19:46:19 | 4294,234,112 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.11 19:40:32 | 000,012,288 | ---- | M] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 19:28:55 | 000,411,917 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.11 19:21:44 | 000,000,853 | ---- | M] () -- C:\Users\\Desktop\CCleaner.lnk
[2010.07.11 19:13:01 | 000,411,917 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100711-192855.backup
[2010.07.11 17:20:15 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 16:34:08 | 000,001,935 | ---- | M] () -- C:\Users\\Desktop\HijackThis.lnk
[2010.07.11 11:30:26 | 000,120,357 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.11 11:24:19 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\WashAndGo EasyClean.job
[2010.07.11 00:32:19 | 000,001,926 | ---- | M] () -- C:\Users\\Desktop\IndustrieGigant 2.lnk
[2010.07.10 23:35:38 | 000,000,810 | ---- | M] () -- C:\Users\\Documents\aionmemo_a14522e5.dat
[2010.07.09 23:54:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.07.09 23:54:12 | 004,147,983 | -H-- | M] () -- C:\Users\\AppData\Local\IconCache.db
[2010.07.08 18:47:01 | 000,374,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.08 18:45:58 | 000,524,288 | -HS- | M] () -- C:\Users\\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.07.08 18:45:58 | 000,065,536 | -HS- | M] () -- C:\Users\\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.07.08 18:34:18 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2010.07.08 18:21:24 | 000,001,767 | ---- | M] () -- C:\Users\\Desktop\1-Klick-EasyClean starten.lnk
[2010.07.08 18:21:24 | 000,001,747 | ---- | M] () -- C:\Users\\Desktop\WashAndGo.lnk
[2010.07.08 15:50:12 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.11 19:37:47 | 000,012,288 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.11 19:21:44 | 000,000,853 | ---- | C] () -- C:\Users\\Desktop\CCleaner.lnk
[2010.07.11 17:20:15 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 17:20:09 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.11 16:33:57 | 000,001,935 | ---- | C] () -- C:\Users\\Desktop\HijackThis.lnk
[2010.07.11 00:32:19 | 000,001,926 | ---- | C] () -- C:\Users\\Desktop\IndustrieGigant 2.lnk
[2010.07.08 18:49:48 | 000,000,308 | ---- | C] () -- C:\Windows\tasks\WashAndGo EasyClean Logon.job
[2010.07.08 18:49:48 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\WashAndGo EasyClean.job
[2010.07.08 15:50:12 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2010.05.10 00:39:31 | 000,000,255 | ---- | C] () -- C:\Windows\game.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.01.19 20:33:46 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.01.19 20:33:46 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2009.12.11 21:12:35 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2009.10.24 20:19:35 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.09.22 02:27:58 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2009.09.22 02:27:58 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2009.09.22 02:26:55 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.09.22 02:26:55 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.04.30 04:22:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 163 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D06A4C76
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >
         

Schon mal Danke im Vorraus

Alt 12.07.2010, 18:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Nachkontrolle Systemreinigung nach AV Security Suite - Standard

Nachkontrolle Systemreinigung nach AV Security Suite



Hallo,

gabs da noch mehr Logs von Malwarebytes oder hat es tatsächlich nichts gefunden?
__________________

__________________

Alt 12.07.2010, 18:28   #3
Glasbrecher
 
Nachkontrolle Systemreinigung nach AV Security Suite - Standard

Nachkontrolle Systemreinigung nach AV Security Suite



Der Log wurde von mir nach der Bereinigung durchgeführt, da ich die Prozesse, Dateien und Reg-Einträge per Hand vorher gekillt/gelöscht/korigiert habe.(und vorher auch kein Scan laufen habe lassen)

Ich hatte selber nicht das typische Problem, dass sich AVSS gewehrt hat.
__________________

Antwort

Themen zu Nachkontrolle Systemreinigung nach AV Security Suite
alternate, antivir, antivir guard, autorun, avgntflt.sys, avira, bho, browser, components, computer, desktop, error, excel, fehler, firefox, hijackthis, home premium, iastor.sys, internet, internet explorer, location, logfile, malwarebytes' anti-malware, mozilla, oldtimer, otl logfile, otl.exe, programdata, realtek, registry, rundll, safer networking, saver, searchplugins, security, security suit, security suite, software, sptd.sys, syswow64, usb, vista, vodafone, wallpapers, windows



Ähnliche Themen: Nachkontrolle Systemreinigung nach AV Security Suite


  1. AV Security Suite - Weitergehende Prüfung nach rkill- und Malwarebytesdurchführung
    Plagegeister aller Art und deren Bekämpfung - 14.09.2010 (47)
  2. Windows Security Alert / AV Security Suite / Antivirus Software Alert / gefakter AV lähmt PC
    Plagegeister aller Art und deren Bekämpfung - 09.09.2010 (3)
  3. Malware / Virus / Trojaner - "Windows Security Alert / Security Suite"
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (11)
  4. av security suite, gelöscht nach anleitung, jetzt alles in ordnung ?
    Log-Analyse und Auswertung - 30.08.2010 (3)
  5. Pc sehr langsam nach löschen von AV Security Suite / WinXP
    Log-Analyse und Auswertung - 29.08.2010 (60)
  6. Nach Entfernung der AV Security Suite kein Internet mehr....aber Ping geht
    Netzwerk und Hardware - 20.08.2010 (38)
  7. Nach AV Security Suite kein Internet mehr
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (26)
  8. Probleme nach AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 01.08.2010 (2)
  9. WIN XP: langsamer PC nach Löschen von AV Security Suite
    Log-Analyse und Auswertung - 28.07.2010 (43)
  10. Probleme nach der "Entfernung" von AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (33)
  11. Windows Security Alert / AV Security Suite / Antivirus Software Alert// Ohne Internet
    Plagegeister aller Art und deren Bekämpfung - 21.07.2010 (1)
  12. AV Security Suite nach Anleitung entfernt, kommt bei Neustart immer wieder
    Plagegeister aller Art und deren Bekämpfung - 16.07.2010 (2)
  13. AV Security Suite - Nach Entfernung öffnen sich in Firefox ungewünschte Tabs
    Log-Analyse und Auswertung - 15.07.2010 (29)
  14. AV Security Suite entfernt- Nachkontrolle
    Plagegeister aller Art und deren Bekämpfung - 14.07.2010 (2)
  15. AV Security Suite - Systemprüfung nach Entfernung gemäß FAQ
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  16. AV Security Suite nach Anleitung entfernt. Alles ok jetzt?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2010 (1)
  17. AV Security Suite nach Anleitung entfernt. Alles weg jetzt?
    Plagegeister aller Art und deren Bekämpfung - 11.07.2010 (0)

Zum Thema Nachkontrolle Systemreinigung nach AV Security Suite - Hatte mir den schönen AV Security Suite ( www. trojaner-board. de/86690-av-security-suite-entfernen.html ) eingefangen. Rechner habe ich soweit wie möglich gecleaned, gab auch keine Probleme, möchte da aber auf Nummer Sicher - Nachkontrolle Systemreinigung nach AV Security Suite...
Archiv
Du betrachtest: Nachkontrolle Systemreinigung nach AV Security Suite auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.