Trojaner-Board (https://www.trojaner-board.de/)

Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Win32:malware-gen (https://www.trojaner-board.de/108417-win32-malware-gen.html)

DasKnuffel 21.01.2012 22:24

Win32:malware-gen
 
Hi,

After I had a problem with blue screens today (http://www.trojaner-board.de/108413-...tml#post758303), my Avast also raised an alarm now, two hours later.

Screenshot attached. It found Win32.Malware-gen twice.

I am asking for help because I run Linux and Windows in dual boot; reinstalling Windows would be bad, since that would wreck Linux's GRUB.

My log files:

OTL (Extras.txt is attached)

Code:

OTL logfile created on: 21.01.2012 22:16:30 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\DasKnuffel112\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,09% Memory free
8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 571,07 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 286,06 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive F: | 961,73 Mb Total Space | 957,67 Mb Free Space | 99,58% Space Free | Partition Type: FAT
Drive G: | 465,76 Gb Total Space | 452,66 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
 
Computer Name: SYSTEM-ADMIN-PC | User Name: System-Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.21 22:14:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DasKnuffel112\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.06.15 10:36:40 | 006,479,712 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.04.11 17:21:57 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.06.14 14:38:44 | 000,984,416 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.01 13:38:46 | 000,211,296 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.11 17:22:45 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.28 18:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.30 08:01:08 | 000,392,296 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.05.27 14:45:22 | 001,037,664 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.21 13:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.21 13:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.21 13:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.21 13:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\System-Admin\AppData\Roaming\mozilla\Extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA593369-2305-4436-A251-C2EFAE91CB3C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Malwarebytes Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.21 20:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012.01.21 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012.01.21 19:34:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShotOnline
[2012.01.21 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.01.21 18:13:31 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.21 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.21 18:08:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.21 18:08:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.21 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Windows Live
[2012.01.21 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerialSaver 2.2
[2012.01.21 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.01.21 17:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.01.21 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Malwarebytes
[2012.01.21 17:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 17:43:59 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 17:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.01.21 17:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.01.21 17:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.21 17:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.21 17:10:33 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.21 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.21 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.01.21 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2012.01.21 17:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.21 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Paint.NET
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.01.21 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012.01.21 15:44:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.01.21 14:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.21 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.21 14:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.01.21 14:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012.01.21 14:12:56 | 001,037,664 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012.01.21 14:12:56 | 000,326,496 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012.01.21 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT2870 Driver
[2012.01.21 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.01.21 14:12:48 | 002,036,000 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,606,944 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012.01.21 14:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hama
[2012.01.21 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.01.21 14:10:21 | 000,000,000 | ---D | C] -- C:\ATI Technologies
[2012.01.21 14:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.01.21 14:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.01.21 14:05:52 | 000,392,296 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.01.21 14:04:44 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.01.21 14:04:44 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.01.21 14:04:44 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.01.21 14:04:44 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.01.21 14:04:44 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.01.21 14:04:43 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012.01.21 14:04:43 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012.01.21 14:04:43 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012.01.21 14:04:43 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.01.21 14:04:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.01.21 14:04:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.01.21 14:04:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.01.21 14:04:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.01.21 14:04:36 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.01.21 14:04:36 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.01.21 14:04:36 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.01.21 14:04:36 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.01.21 14:04:36 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.01.21 14:04:36 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.01.21 14:04:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.01.21 14:04:35 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.01.21 14:04:34 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.01.21 14:04:34 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.01.21 14:04:30 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.01.21 14:04:29 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.01.21 14:04:29 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.01.21 14:04:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.01.21 14:04:29 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.01.21 14:04:28 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.01.21 14:04:28 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.01.21 14:04:28 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.01.21 14:04:28 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.01.21 14:04:28 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.01.21 14:04:28 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.01.21 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.01.21 14:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.21 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.01.21 14:03:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Searches
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.01.21 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Identities
[2012.01.21 14:00:53 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Contacts
[2012.01.21 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\VirtualStore
[2012.01.21 14:00:49 | 000,000,000 | --SD | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Videos
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Saved Games
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Pictures
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Music
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Links
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Favorites
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Downloads
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Documents
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Desktop
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Vorlagen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Verlauf
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Temporary Internet Files
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Startmenü
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\SendTo
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Recent
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Netzwerkumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Lokale Einstellungen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Videos
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Musik
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Eigene Dateien
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Bilder
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Druckumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Cookies
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -H-D | C] -- C:\Users\System-Admin\AppData
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Temp
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Microsoft
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.01.21 13:59:01 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012.01.21 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\WindowsUpdate
[2012.01.21 13:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.01.21 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.01.21 13:41:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.01.21 13:41:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.01.21 13:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.01.21 13:40:45 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.01.21 13:39:49 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.21 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.01.21 13:39:48 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.21 13:39:46 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.01.21 13:39:11 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.01.21 13:39:10 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.21 13:39:10 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.21 13:39:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.21 13:39:09 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.21 13:39:08 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.21 13:38:45 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.01.21 13:38:43 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.21 13:38:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.21 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.01.21 13:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.01.21 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.01.21 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Mozilla
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Macromedia
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Adobe
[2012.01.21 13:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.01.21 13:21:08 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Mozilla
[2012.01.21 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.22 04:24:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.01.21 22:12:52 | 000,000,000 | ---- | M] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 21:22:50 | 001,445,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.21 21:22:50 | 000,628,430 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.21 21:22:50 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.21 21:22:50 | 000,126,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.21 21:22:50 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.21 19:31:46 | 000,300,676 | RHS- | M] () -- C:\AGWUD
[2012.01.21 19:13:10 | 000,256,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.21 18:59:29 | 000,000,887 | ---- | M] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:34:53 | 000,057,654 | ---- | M] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 17:59:29 | 000,001,116 | ---- | M] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012.01.21 14:39:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:13:35 | 000,001,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:07:58 | 000,000,732 | ---- | M] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 14:07:29 | 000,032,079 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:48 | 000,024,280 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:02:37 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.01.21 13:46:14 | 000,292,781 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.01.21 13:45:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:39:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2012.01.22 04:24:41 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2012.01.21 22:12:52 | 000,000,000 | ---- | C] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 19:31:46 | 000,300,676 | RHS- | C] () -- C:\AGWUD
[2012.01.21 18:59:29 | 000,000,887 | ---- | C] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:11:52 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.01.21 18:11:07 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.01.21 18:10:37 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.01.21 17:59:29 | 000,001,116 | ---- | C] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 17:40:41 | 000,001,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.01.21 17:08:02 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012.01.21 14:39:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:28:32 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012.01.21 14:13:35 | 000,001,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012.01.21 14:09:12 | 000,057,654 | ---- | C] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 14:05:52 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.01.21 14:03:04 | 000,032,079 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:26 | 000,015,680 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012.01.21 14:02:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.21 14:02:20 | 000,024,280 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:01:05 | 000,000,949 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.01.21 14:01:02 | 000,000,979 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.01.21 14:01:01 | 000,000,974 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.01.21 14:00:53 | 000,000,915 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.01.21 14:00:50 | 000,000,732 | ---- | C] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 13:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:40:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.01.21 13:40:45 | 000,367,472 | RHS- | C] () -- C:\bootmgr
[2012.01.21 13:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:35:19 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.01.21 13:30:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.21 13:30:17 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.21 13:30:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.21 13:30:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.01.21 13:20:50 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.21 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.04.11 17:22:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.11 17:21:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.04.11 17:21:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.11 17:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2012.01.21 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 21:16:27 | 000,010,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.01.21 13:31:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.21 14:10:21 | 000,000,000 | ---D | M] -- C:\ATI Technologies
[2012.01.22 04:24:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 16:39:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.21 04:03:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.21 19:30:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.21 20:19:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.21 17:58:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.21 22:17:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.21 13:31:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.21 21:15:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.11 17:21:32 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

The only MBAM log

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
System-Admin :: SYSTEM-ADMIN-PC [Administrator]

21.01.2012 19:35:55
mbam-log-2012-01-21 (19-35-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367898
Laufzeit: 36 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

All tools were run in the user account, but with administrator rights.

Thanks in advance for the help :bussi:

Larusso 22.01.2012 02:57

:hallo:

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read my instructions through first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you within 3 days to this or any subsequent answer, I will remove the topic from my subscriptions.
  • Only run scans that a helper asks you to run, and do not install / uninstall any software without being asked.
  • Post the log files directly in your thread and not as an attachment, unless you are asked to. Attachments make the evaluation harder for me.



Please have the file from the code box checked at VirusTotal.
  • Click on Browse
  • Now copy the following into the search bar.
    Code:

    C:\Windows\system32\wextract.exe
  • and click on Open.
  • Click on Send File.
Please wait until the file has been fully uploaded. If you get the following message:
Quote:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click on Reanalyse.
Wait until Current status: Finished is shown.

Copy the link from your address bar and post it here.

DasKnuffel 22.01.2012 06:46

Good morning,

https://www.virustotal.com/file/a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8/analysis/

Code:

SHA256:        a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8
Detection ratio:        2 / 43
Analysis date:        2012-01-22 05:43:23 UTC ( 2 minutes ago )
0
0


Antivirus        Result        Update
AhnLab-V3        -        20120121
AntiVir        -        20120120
Antiy-AVL        -        20120121
Avast        Win32:Malware-gen        20120121
AVG        -        20120122
BitDefender        -        20120122
ByteHero        -        20120120
CAT-QuickHeal        -        20120121
ClamAV        -        20120121
Commtouch        -        20120122
Comodo        -        20120121
DrWeb        -        20120122
Emsisoft        -        20120122
eSafe        -        20120120
eTrust-Vet        -        20120121
F-Prot        -        20120121
F-Secure        -        20120122
Fortinet        -        20120122
GData        Win32:Malware-gen        20120122
Ikarus        -        20120121
Jiangmin        -        20120121
K7AntiVirus        -        20120120
Kaspersky        -        20120122
McAfee        -        20120122
McAfee-GW-Edition        -        20120121
Microsoft        -        20120122
NOD32        -        20120122
Norman        -        20120121
nProtect        -        20120121
Panda        -        20120121
PCTools        -        20120122
Prevx        -        20120122
Rising        -        20120118
Sophos        -        20120122
SUPERAntiSpyware        -        20120121
Symantec        -        20120122
TheHacker        -        20120122
TrendMicro        -        20120122
TrendMicro-HouseCall        -        20120122
VBA32        -        20120120
VIPRE        -        20120122
ViRobot        -        20120121
VirusBuster        -        20120121

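As an added example (not part of the thread), a small Python triage script for the VirusTotal procedure the helper asked for above: it parses the result table as pasted in the post, confirms the SHA256 in the permalink matches the report, and flags the pattern behind the helper's verdict, a low detection ratio consisting only of generic signature names. The engine table is a constructed, abridged copy of the posted one; `GENERIC_RE`, `LOW_RATIO`, and the `VtReport`/`triage` names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Abridged copy of the VirusTotal text pasted in the post above (constructed
# subset: the engine rows left out all reported "-", i.e. no detection).
VT_REPORT = """\
SHA256:        a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8
Detection ratio:        2 / 43
Analysis date:        2012-01-22 05:43:23 UTC ( 2 minutes ago )
Antivirus        Result        Update
AhnLab-V3        -        20120121
Avast        Win32:Malware-gen        20120121
AVG        -        20120122
GData        Win32:Malware-gen        20120122
Kaspersky        -        20120122
Microsoft        -        20120122
Sophos        -        20120122
"""

# Permalink from the post; VirusTotal embeds the sample's SHA256 in it.
VT_URL = ("https://www.virustotal.com/file/"
          "a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8/analysis/")

# Assumption: a signature counts as "generic" when it is built from a
# heuristic token rather than a named family. Token boundaries keep
# "Trojan.Agent" from matching on "gen".
GENERIC_RE = re.compile(
    r"(?<![a-z0-9])(gen|generic|heur|heuristic|suspicious|unknown|variant)(?![a-z0-9])")
LOW_RATIO = 0.10  # assumption: fewer than 10 % of engines counts as "low"


@dataclass
class VtReport:
    sha256: str
    detected: int
    total: int
    results: dict = field(default_factory=dict)  # engine -> signature or "-"


def parse_vt_report(text: str) -> VtReport:
    """Parse the copy-pasted VirusTotal summary; columns are separated by
    runs of whitespace (tabs or two or more spaces)."""
    sha256, detected, total, results, in_table = "", 0, 0, {}, False
    for line in text.splitlines():
        fields = [f for f in re.split(r"\t|\s{2,}", line.strip()) if f]
        if not fields:
            continue
        if fields[0] == "SHA256:":
            sha256 = fields[1].lower()
        elif fields[0] == "Detection ratio:":
            detected, total = (int(x) for x in fields[1].split("/"))
        elif fields[0] == "Antivirus":
            in_table = True            # header row of the engine table
        elif in_table and len(fields) == 3:
            results[fields[0]] = fields[1]
    return VtReport(sha256, detected, total, results)


def is_generic(signature: str) -> bool:
    return GENERIC_RE.search(signature.lower()) is not None


def hash_matches_url(report: VtReport, url: str) -> bool:
    """The permalink must refer to the same sample as the pasted report."""
    m = re.search(r"/file/([0-9a-f]{64})/", url)
    return m is not None and m.group(1) == report.sha256


def triage(report: VtReport) -> dict:
    """Summarise why a 2/43 result made up of generic names reads as a
    probable false positive. A final verdict still needs the file itself
    compared against a known-good copy (e.g. from the install media)."""
    hits = {eng: sig for eng, sig in report.results.items() if sig != "-"}
    ratio = report.detected / report.total if report.total else 0.0
    all_generic = bool(hits) and all(is_generic(s) for s in hits.values())
    notes = []
    if ratio < LOW_RATIO:
        notes.append(f"low detection ratio {report.detected}/{report.total}")
    if all_generic:
        notes.append("every hit is a generic/heuristic name")
    if len(set(hits.values())) < len(hits):
        notes.append("identical signature strings, probably a shared engine")
    if len(hits) != report.detected:
        notes.append("table rows do not add up to the header ratio")
    return {"hits": hits, "ratio": ratio, "notes": notes,
            "likely_false_positive": ratio < LOW_RATIO and all_generic}


if __name__ == "__main__":
    rep = parse_vt_report(VT_REPORT)
    print("hash in permalink matches report:", hash_matches_url(rep, VT_URL))
    for key, value in triage(rep).items():
        print(f"{key}: {value}")
```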

Larusso 22.01.2012 21:08

False alarm...

DasKnuffel 23.01.2012 03:01

Good, thanks :)



Copyright ©2000-2025, Trojaner-Board

