
Pests of all kinds and how to fight them: Win32:malware-gen


 
21.01.2012, 22:24   #1
DasKnuffel
 

Win32:malware-gen



Hi,

After I had a problem with blue screens today (http://www.trojaner-board.de/108413-...tml#post758303), my Avast also raised an alarm just now, 2 hours later.

Screenshot is attached. Win32.Malware-gen was found 2x.

I'm asking for help because I run Linux and Windows in dual boot; reinstalling Windows would be bad, since that would break Linux's GRUB.

My log files:

OTL (Extras.txt is attached)

Code:
OTL logfile created on: 21.01.2012 22:16:30 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\DasKnuffel112\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,09% Memory free
8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 571,07 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 286,06 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive F: | 961,73 Mb Total Space | 957,67 Mb Free Space | 99,58% Space Free | Partition Type: FAT
Drive G: | 465,76 Gb Total Space | 452,66 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
 
Computer Name: SYSTEM-ADMIN-PC | User Name: System-Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.21 22:14:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DasKnuffel112\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.06.15 10:36:40 | 006,479,712 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.04.11 17:21:57 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.06.14 14:38:44 | 000,984,416 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.01 13:38:46 | 000,211,296 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.11 17:22:45 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.28 18:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.30 08:01:08 | 000,392,296 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.05.27 14:45:22 | 001,037,664 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.21 13:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.21 13:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.21 13:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.21 13:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\System-Admin\AppData\Roaming\mozilla\Extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA593369-2305-4436-A251-C2EFAE91CB3C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg:  Malwarebytes Anti-Malware  - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.21 20:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012.01.21 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012.01.21 19:34:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShotOnline
[2012.01.21 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.01.21 18:13:31 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.21 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.21 18:08:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.21 18:08:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.21 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Windows Live
[2012.01.21 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerialSaver 2.2
[2012.01.21 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.01.21 17:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.01.21 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Malwarebytes
[2012.01.21 17:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 17:43:59 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 17:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.01.21 17:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.01.21 17:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.21 17:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.21 17:10:33 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.21 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.21 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.01.21 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2012.01.21 17:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.21 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Paint.NET
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.01.21 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012.01.21 15:44:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.01.21 14:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.21 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.21 14:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.01.21 14:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012.01.21 14:12:56 | 001,037,664 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012.01.21 14:12:56 | 000,326,496 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012.01.21 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT2870 Driver
[2012.01.21 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.01.21 14:12:48 | 002,036,000 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,606,944 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012.01.21 14:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hama
[2012.01.21 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.01.21 14:10:21 | 000,000,000 | ---D | C] -- C:\ATI Technologies
[2012.01.21 14:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.01.21 14:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.01.21 14:05:52 | 000,392,296 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.01.21 14:04:44 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.01.21 14:04:44 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.01.21 14:04:44 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.01.21 14:04:44 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.01.21 14:04:44 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.01.21 14:04:43 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012.01.21 14:04:43 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012.01.21 14:04:43 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012.01.21 14:04:43 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.01.21 14:04:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.01.21 14:04:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.01.21 14:04:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.01.21 14:04:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.01.21 14:04:36 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.01.21 14:04:36 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.01.21 14:04:36 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.01.21 14:04:36 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.01.21 14:04:36 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.01.21 14:04:36 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.01.21 14:04:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.01.21 14:04:35 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.01.21 14:04:34 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.01.21 14:04:34 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.01.21 14:04:30 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.01.21 14:04:29 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.01.21 14:04:29 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.01.21 14:04:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.01.21 14:04:29 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.01.21 14:04:28 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.01.21 14:04:28 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.01.21 14:04:28 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.01.21 14:04:28 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.01.21 14:04:28 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.01.21 14:04:28 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.01.21 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.01.21 14:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.21 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.01.21 14:03:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Searches
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.01.21 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Identities
[2012.01.21 14:00:53 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Contacts
[2012.01.21 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\VirtualStore
[2012.01.21 14:00:49 | 000,000,000 | --SD | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Videos
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Saved Games
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Pictures
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Music
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Links
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Favorites
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Downloads
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Documents
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Desktop
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Vorlagen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Verlauf
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Temporary Internet Files
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Startmenü
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\SendTo
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Recent
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Netzwerkumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Lokale Einstellungen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Videos
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Musik
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Eigene Dateien
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Bilder
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Druckumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Cookies
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -H-D | C] -- C:\Users\System-Admin\AppData
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Temp
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Microsoft
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.01.21 13:59:01 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012.01.21 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\WindowsUpdate
[2012.01.21 13:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.01.21 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.01.21 13:41:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.01.21 13:41:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.01.21 13:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.01.21 13:40:45 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.01.21 13:39:49 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.21 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.01.21 13:39:48 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.21 13:39:46 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.01.21 13:39:11 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.01.21 13:39:10 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.21 13:39:10 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.21 13:39:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.21 13:39:09 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.21 13:39:08 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.21 13:38:45 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.01.21 13:38:43 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.21 13:38:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.21 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.01.21 13:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.01.21 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.01.21 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Mozilla
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Macromedia
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Adobe
[2012.01.21 13:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.01.21 13:21:08 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Mozilla
[2012.01.21 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.22 04:24:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.01.21 22:12:52 | 000,000,000 | ---- | M] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 21:22:50 | 001,445,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.21 21:22:50 | 000,628,430 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.21 21:22:50 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.21 21:22:50 | 000,126,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.21 21:22:50 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.21 19:31:46 | 000,300,676 | RHS- | M] () -- C:\AGWUD
[2012.01.21 19:13:10 | 000,256,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.21 18:59:29 | 000,000,887 | ---- | M] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:34:53 | 000,057,654 | ---- | M] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 17:59:29 | 000,001,116 | ---- | M] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012.01.21 14:39:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:13:35 | 000,001,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:07:58 | 000,000,732 | ---- | M] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 14:07:29 | 000,032,079 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:48 | 000,024,280 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:02:37 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.01.21 13:46:14 | 000,292,781 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.01.21 13:45:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:39:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2012.01.22 04:24:41 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2012.01.21 22:12:52 | 000,000,000 | ---- | C] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 19:31:46 | 000,300,676 | RHS- | C] () -- C:\AGWUD
[2012.01.21 18:59:29 | 000,000,887 | ---- | C] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:11:52 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.01.21 18:11:07 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.01.21 18:10:37 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.01.21 17:59:29 | 000,001,116 | ---- | C] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 17:40:41 | 000,001,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.01.21 17:08:02 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012.01.21 14:39:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:28:32 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012.01.21 14:13:35 | 000,001,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012.01.21 14:09:12 | 000,057,654 | ---- | C] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 14:05:52 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.01.21 14:03:04 | 000,032,079 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:26 | 000,015,680 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012.01.21 14:02:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.21 14:02:20 | 000,024,280 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:01:05 | 000,000,949 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.01.21 14:01:02 | 000,000,979 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.01.21 14:01:01 | 000,000,974 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.01.21 14:00:53 | 000,000,915 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.01.21 14:00:50 | 000,000,732 | ---- | C] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 13:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:40:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.01.21 13:40:45 | 000,367,472 | RHS- | C] () -- C:\bootmgr
[2012.01.21 13:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:35:19 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.01.21 13:30:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.21 13:30:17 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.21 13:30:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.21 13:30:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.01.21 13:20:50 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.21 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.04.11 17:22:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.11 17:21:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.04.11 17:21:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.11 17:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2012.01.21 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 21:16:27 | 000,010,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.01.21 13:31:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.21 14:10:21 | 000,000,000 | ---D | M] -- C:\ATI Technologies
[2012.01.22 04:24:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 16:39:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.21 04:03:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.21 19:30:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.21 20:19:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.21 17:58:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.21 22:17:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.21 13:31:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.21 21:15:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.11 17:21:32 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
Only MBAM log

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
System-Admin :: SYSTEM-ADMIN-PC [Administrator]

21.01.2012 19:35:55
mbam-log-2012-01-21 (19-35-55).txt

Scan type: Full scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 367898
Time elapsed: 36 minute(s), 41 second(s)

Memory processes infected: 0
(No malicious items detected)

Memory modules infected: 0
(No malicious items detected)

Registry keys infected: 0
(No malicious items detected)

Registry values infected: 0
(No malicious items detected)

Registry data items infected: 0
(No malicious items detected)

Folders infected: 0
(No malicious items detected)

Files infected: 0
(No malicious items detected)

(end)
         
All tools were run from the user account, but with administrator rights.

Thanks in advance for the help.
Last edited by DasKnuffel (21.01.2012 at 22:39)
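The "< MD5 for: ... >" custom scans at the end of the OTL log above are an integrity cross-check: the hash of each live system binary (under C:\Windows, System32 or SysWOW64) is listed next to the hashes of the copies of that file kept in the WinSxS component store, so a patched or replaced binary shows up as a live hash that matches no store copy. The following is an added example, not part of the original post and not OTL's own code, that parses such blocks and applies that check. The line format is inferred from the entries shown above; the sample input is an excerpt of those entries, constructed here for the example. It also handles two things a reader of this log has to deal with: a copy outside the Windows directory (the Malwarebytes Chameleon winlogon.exe, which has no company name and no store counterpart) is reported as "foreign" for manual review rather than as a mismatch, and an entry whose MD5 is also reported for a file of a different size (the REGEDIT.EXE block, where C:\Windows\regedit.exe at 161,792 bytes and the 134,656-byte SysWOW64 copy carry the same hash) is reported as "inconsistent", because two files of different sizes cannot share an MD5 and the line therefore cannot be trusted either way. The cause of that inconsistency is not determinable from the log and the example does not guess at it.

```python
"""Cross-check the '< MD5 for: NAME >' blocks of an OTL log.

Added example (not from the original post, not OTL's own code). For every
live copy of a binary it checks whether the reported MD5 matches at least
one copy of the same file in the WinSxS component store.
"""
import re
from collections import defaultdict

# Block header and entry formats, inferred from the log lines in the post:
# < MD5 for: AFD.SYS  >
# [date time | size | attrs | M] (Company) MD5=HEX -- path
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>\S.*?)\s*$"
)


def parse_otl_md5(text):
    """Return {binary name (lower-case): [entry dicts]} from the MD5 blocks."""
    blocks, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            blocks[current].append({
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company").strip(),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(blocks)


def classify(path):
    """'store' for a WinSxS copy, 'live' under C:\\Windows, else 'foreign'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if p.startswith("c:\\windows\\"):
        return "live"
    return "foreign"


def check_binary(entries):
    """Return [(path, verdict)] for every non-store copy of one binary.

    match           live hash equals a WinSxS copy of the same file
    no_store_match  live hash matches no WinSxS copy: examine the file
    foreign         copy outside the Windows directory: review by hand
    inconsistent    same MD5 reported for different file sizes: the
                    line cannot be trusted, so it is neither match nor mismatch
    """
    store_hashes = {e["md5"] for e in entries if classify(e["path"]) == "store"}
    sizes_by_md5 = defaultdict(set)
    for e in entries:
        sizes_by_md5[e["md5"]].add(e["size"])
    results = []
    for e in entries:
        kind = classify(e["path"])
        if kind == "store":
            continue
        if len(sizes_by_md5[e["md5"]]) > 1:
            verdict = "inconsistent"
        elif kind == "foreign":
            verdict = "foreign"
        elif e["md5"] in store_hashes:
            verdict = "match"
        else:
            verdict = "no_store_match"
        results.append((e["path"], verdict))
    return results


def check_log(text):
    """Run check_binary over every MD5 block in an OTL log text."""
    return {name: check_binary(entries) for name, entries in parse_otl_md5(text).items()}


# Constructed sample: an excerpt of the MD5 blocks from the OTL log in the post.
SAMPLE = r"""
< MD5 for: AFD.SYS  >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.11 17:21:32 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys

< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe

< MD5 for: WINLOGON.EXE  >
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

if __name__ == "__main__":
    for name, findings in check_log(SAMPLE).items():
        for path, verdict in findings:
            print(f"{name:14} {verdict:15} {path}")
```

On the sample, afd.sys and the SysNative winlogon.exe come out as "match", the Chameleon winlogon.exe as "foreign", and both live regedit.exe entries as "inconsistent". A "no_store_match" verdict is the one that warrants pulling the file for analysis; "foreign" and "inconsistent" only say that the log line alone does not settle the question.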

 

Copyright ©2000-2025, Trojaner-Board