Pests of all kinds and how to fight them: Win32:malware-gen (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Win32:malware-gen

Hi,

after I had a problem with blue screens today (http://www.trojaner-board.de/108413-...tml#post758303), my Avast also raised an alarm two hours later. Screenshot attached. It found Win32.Malware-gen twice. I am asking for help because I run Linux and Windows in dual boot; reinstalling Windows would be bad, since that would wreck Linux's GRUB.

My logfiles: OTL (Extras.txt is attached):
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.01.21 13:59:01 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2012.01.21 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\WindowsUpdate [2012.01.21 13:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.01.21 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2012.01.21 13:41:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.01.21 13:41:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.01.21 13:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.01.21 13:40:45 | 000,000,000 | -HSD | C] -- C:\Boot [2012.01.21 13:39:49 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.01.21 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2012.01.21 13:39:48 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.01.21 13:39:46 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2012.01.21 13:39:11 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2012.01.21 13:39:10 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.01.21 13:39:10 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.01.21 13:39:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2012.01.21 13:39:09 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.01.21 13:39:08 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.01.21 13:38:45 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys [2012.01.21 13:38:43 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.01.21 13:38:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.01.21 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2012.01.21 13:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2012.01.21 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2012.01.21 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Mozilla [2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Macromedia [2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Adobe [2012.01.21 13:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.01.21 13:21:08 | 
000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Mozilla [2012.01.21 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.01.22 04:24:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.01.21 22:12:52 | 000,000,000 | ---- | M] () -- C:\Users\System-Admin\defogger_reenable [2012.01.21 21:22:50 | 001,445,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.01.21 21:22:50 | 000,628,430 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.01.21 21:22:50 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.01.21 21:22:50 | 000,126,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.01.21 21:22:50 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.01.21 21:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.01.21 19:31:46 | 000,300,676 | RHS- | M] () -- C:\AGWUD [2012.01.21 19:13:10 | 000,256,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.01.21 18:59:29 | 000,000,887 | ---- | M] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk [2012.01.21 18:34:53 | 000,057,654 | ---- | M] () -- C:\Windows\OEMLogo.bmp [2012.01.21 17:59:29 | 000,001,116 | ---- | M] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk [2012.01.21 15:43:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat 
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2012.01.21 14:39:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.01.21 14:39:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.01.21 14:13:35 | 000,001,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk [2012.01.21 14:07:58 | 000,000,732 | ---- | M] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat [2012.01.21 14:07:29 | 000,032,079 | ---- | M] () -- C:\Windows\Ascd_log.ini [2012.01.21 14:02:48 | 000,024,280 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2012.01.21 14:02:37 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2012.01.21 13:46:14 | 000,292,781 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.01.21 13:45:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.01.21 13:39:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.01.21 13:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin ========== Files Created - No Company Name ========== [2012.01.22 04:24:41 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT [2012.01.21 22:12:52 | 000,000,000 | ---- | C] () -- C:\Users\System-Admin\defogger_reenable [2012.01.21 19:31:46 | 000,300,676 | RHS- | C] () -- C:\AGWUD [2012.01.21 18:59:29 | 000,000,887 | ---- | C] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk [2012.01.21 18:11:52 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk [2012.01.21 18:11:07 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk [2012.01.21 18:10:37 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.01.21 17:59:29 | 000,001,116 | ---- | C] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk [2012.01.21 17:40:41 | 
000,001,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk [2012.01.21 17:08:02 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2012.01.21 15:43:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2012.01.21 14:39:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.01.21 14:39:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.01.21 14:28:32 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2012.01.21 14:13:35 | 000,001,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk [2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat [2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll [2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini [2012.01.21 14:09:12 | 000,057,654 | ---- | C] () -- C:\Windows\OEMLogo.bmp [2012.01.21 14:05:52 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll [2012.01.21 14:03:04 | 000,032,079 | ---- | C] () -- 
C:\Windows\Ascd_log.ini [2012.01.21 14:02:26 | 000,015,680 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys [2012.01.21 14:02:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.01.21 14:02:20 | 000,024,280 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.01.21 14:01:05 | 000,000,949 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.01.21 14:01:02 | 000,000,979 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.01.21 14:01:01 | 000,000,974 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.01.21 14:00:53 | 000,000,915 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.01.21 14:00:50 | 000,000,732 | ---- | C] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat [2012.01.21 13:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.01.21 13:40:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.01.21 13:40:45 | 000,367,472 | RHS- | C] () -- C:\bootmgr [2012.01.21 13:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.01.21 13:35:19 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.01.21 13:30:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.01.21 13:30:17 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.01.21 13:30:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.01.21 13:30:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.01.21 13:20:50 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.01.21 13:16:07 | 000,000,000 | ---- | C] () -- 
C:\Windows\ativpsrm.bin [2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.04.11 17:22:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.04.11 17:21:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.04.11 17:21:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.04.11 17:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2009.02.19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe [2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin ========== LOP Check ========== [2012.01.21 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn [2012.01.21 21:16:27 | 000,010,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.01.21 13:31:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.21 14:10:21 | 000,000,000 | ---D | M] -- C:\ATI Technologies [2012.01.22 04:24:41 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 16:39:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.01.21 04:03:12 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.01.21 19:30:15 | 000,000,000 | R--D | M] -- C:\Program Files [2012.01.21 20:19:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.01.21 17:58:14 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Programme [2012.01.21 22:17:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.01.21 13:31:03 | 000,000,000 | R--D | M] -- C:\Users [2012.01.21 21:15:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys [2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys [2009.04.11 17:21:32 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys [2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys [2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- 
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys [2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys < MD5 for: EXPLORER.EXE > [2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 
17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
System-Admin :: SYSTEM-ADMIN-PC [Administrator]

21.01.2012 19:35:55
mbam-log-2012-01-21 (19-35-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 367898
Time elapsed: 36 minute(s), 41 second(s)

Memory processes detected: 0
(No malicious items detected)
Memory modules detected: 0
(No malicious items detected)
Registry keys detected: 0
(No malicious items detected)
Registry values detected: 0
(No malicious items detected)
Registry data items detected: 0
(No malicious items detected)
Folders detected: 0
(No malicious items detected)
Files detected: 0
(No malicious items detected)

(end)

Thanks in advance for the help.
Last edited by DasKnuffel (21.01.2012 at 22:39)
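The `< MD5 for: NAME >` blocks near the end of the OTL report are the part of this log worth reading closely. OTL hashes the live copy of a handful of boot-critical binaries and prints every copy of the same file that Windows keeps in the WinSxS component store next to it. A live copy whose hash matches none of the servicing copies for its own architecture was not installed by Windows servicing, which is exactly what a replaced or patched system binary looks like. The script below is an added example, not part of the original post and not OTL's own code: it parses that section and classifies each live copy. The REGEDIT and WINLOGON sections are copied from the report above; the USERINIT section is constructed with a made-up hash for the live copy so that the failing case is shown. Two things the output illustrates: the report lists `C:\Windows\regedit.exe` with the 64-bit file size but the hash of the 32-bit copy, and two files of different sizes cannot realistically share an MD5, so the script reports that as inconsistent tool output to re-hash with a native 64-bit tool rather than as evidence of tampering; and the Malwarebytes Chameleon `winlogon.exe`, which the vendor ships under that name on purpose, is reported only because it has no company name and lives outside the system directories.

```python
"""
Cross-check the '< MD5 for: NAME >' section of an OTL report.

Added example, not OTL's own code. A live copy (C:\Windows, SysNative,
SysWOW64) is compared with every WinSxS copy of the same architecture;
a hash that matches no servicing copy was not put there by Windows.
"""
import re
from collections import defaultdict

HEADER = re.compile(r"< MD5 for: (?P<name>[^>]+?) >")
# One OTL entry: [date | size | attrs | M] (company) MD5=hash -- path
ENTRY = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"[-RHSD]{4} \| [MC]\] \((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- "
    r"(?P<path>.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s*<|\s*$)",
    re.M,
)


def location(path: str) -> tuple[str, str]:
    """Classify a path as OTL prints it on x64 Windows: (kind, arch)."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p:
        return "store", "x64"
    if "\\winsxs\\x86_" in p or "\\winsxs\\wow64_" in p:
        return "store", "x86"          # wow64_ components are the 32-bit copies
    if "\\sysnative\\" in p:
        return "live", "x64"           # SysNative is the real 64-bit system32
    if "\\syswow64\\" in p:
        return "live", "x86"
    if re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p):
        return "live", "x64"           # e.g. C:\Windows\explorer.exe
    return "other", "?"


def audit(report: str) -> dict[str, list[tuple[str, str]]]:
    """Return {file name: [(path, verdict), ...]} for every non-store copy."""
    findings: dict[str, list[tuple[str, str]]] = defaultdict(list)
    headers = list(HEADER.finditer(report))
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(report)
        entries = [m.groupdict() for m in ENTRY.finditer(report, h.end(), end)]
        store: dict[str, set[str]] = defaultdict(set)   # arch -> servicing hashes
        for e in entries:
            kind, arch = location(e["path"])
            if kind == "store":
                store[arch].add(e["md5"].upper())
        for e in entries:
            kind, arch = location(e["path"])
            if kind == "store":
                continue
            md5 = e["md5"].upper()
            if kind == "other":
                verdict = "OUTSIDE: lives outside the system directories"
                if not e["company"]:
                    verdict += " (no company name)"
            elif md5 in store[arch]:
                verdict = "OK: matches a servicing copy"
            elif any(md5 in hashes for a, hashes in store.items() if a != arch):
                verdict = ("INCONSISTENT: hash equals a copy of the other architecture; "
                           "re-hash with a native 64-bit tool before drawing conclusions")
            else:
                verdict = "UNMATCHED: no servicing copy has this hash; treat as replaced"
            findings[h["name"]].append((e["path"], verdict))
    return dict(findings)


# REGEDIT and WINLOGON are copied from the report above; USERINIT is constructed
# (made-up hash for the live copy) to show the failing case.
SAMPLE_REPORT = r"""
< MD5 for: REGEDIT.EXE >
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: USERINIT.EXE >
[2012.01.21 19:00:00 | 000,028,160 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
"""

if __name__ == "__main__":
    for name, rows in audit(SAMPLE_REPORT).items():
        print(name)
        for path, verdict in rows:
            print(f"  {verdict}\n      {path}")
```

Paste a whole OTL report into `audit()` and only the verdicts that are not `OK` need attention. The check is only as good as the component store it compares against: it says whether the live file is one that servicing installed, not whether that servicing copy is current, so an `OK` on an unpatched afd.sys is still an unpatched afd.sys.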