
Pests of all kinds and how to fight them: Win32:malware-gen


21.01.2012, 21:24   #1
DasKnuffel
 


Win32:malware-gen



Hi,

After I had a problem with blue screens today http://www.trojaner-board.de/108413-...tml#post758303, two hours later my Avast also raised an alarm.

Screenshot is attached. 2x Win32.Malware-gen was found.

I'm asking for help because I'm running Linux and Windows in dual boot; reinstalling Windows would be bad, since it would wreck Linux's GRUB.

My log files:

OTL (Extras.txt is in the attachment)

Code:
OTL logfile created on: 21.01.2012 22:16:30 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\DasKnuffel112\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,09% Memory free
8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 571,07 Gb Free Space | 95,79% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 286,06 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive F: | 961,73 Mb Total Space | 957,67 Mb Free Space | 99,58% Space Free | Partition Type: FAT
Drive G: | 465,76 Gb Total Space | 452,66 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
 
Computer Name: SYSTEM-ADMIN-PC | User Name: System-Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.21 22:14:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\DasKnuffel112\Desktop\OTL.exe
PRC - [2011.12.21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.06.15 10:36:40 | 006,479,712 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaUI.exe
PRC - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe
PRC - [2009.04.11 17:21:57 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.06.14 14:38:44 | 000,984,416 | ---- | M] () -- C:\Program Files (x86)\Hama\Common\RaWLAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,127,192 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.06.01 13:38:46 | 000,211,296 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.04.11 17:22:45 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:44 | 000,140,120 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:53:28 | 000,258,392 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.28 18:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.30 08:01:08 | 000,392,296 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.05.27 14:45:22 | 001,037,664 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.08.23 23:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.21 13:38:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.21 13:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.21 13:35:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.21 13:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\System-Admin\AppData\Roaming\mozilla\Extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.21 17:10:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA593369-2305-4436-A251-C2EFAE91CB3C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg:  Malwarebytes Anti-Malware  - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.21 20:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\German Truck Simulator
[2012.01.21 20:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\German Truck Simulator
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2012.01.21 19:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2012.01.21 19:34:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.01.21 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShotOnline
[2012.01.21 18:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShotOnline
[2012.01.21 18:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.01.21 18:13:31 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.01.21 18:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.21 18:08:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012.01.21 18:08:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.21 18:08:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.21 18:06:44 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Windows Live
[2012.01.21 18:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SerialSaver 2.2
[2012.01.21 18:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SerialSaver 2.2
[2012.01.21 17:59:29 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.01.21 17:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.01.21 17:58:20 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Malwarebytes
[2012.01.21 17:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.21 17:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.21 17:43:59 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 17:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.01.21 17:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2012.01.21 17:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.01.21 17:39:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.21 17:10:33 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.21 17:10:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.21 17:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.01.21 17:09:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.01.21 17:09:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2012.01.21 17:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.01.21 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Paint.NET
[2012.01.21 17:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012.01.21 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012.01.21 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2012.01.21 15:45:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2012.01.21 15:44:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.01.21 14:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.21 14:52:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.21 14:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012.01.21 14:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Wireless LAN
[2012.01.21 14:12:56 | 001,037,664 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\SysNative\drivers\netr28ux.sys
[2012.01.21 14:12:56 | 000,326,496 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2012.01.21 14:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\RalinkRT2870 Driver
[2012.01.21 14:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012.01.21 14:12:48 | 002,036,000 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,606,944 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RaCertMgr.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAIHV.dll
[2012.01.21 14:12:48 | 001,098,528 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAIHV.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysWow64\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,128,800 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\RAEXTUI.dll
[2012.01.21 14:12:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RaLanguages
[2012.01.21 14:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hama
[2012.01.21 14:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.01.21 14:10:21 | 000,000,000 | ---D | C] -- C:\ATI Technologies
[2012.01.21 14:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.01.21 14:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.01.21 14:05:52 | 000,392,296 | ---- | C] (Realtek                                            ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.01.21 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.01.21 14:04:44 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.01.21 14:04:44 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.01.21 14:04:44 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.01.21 14:04:44 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.01.21 14:04:44 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.01.21 14:04:43 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2012.01.21 14:04:43 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2012.01.21 14:04:43 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2012.01.21 14:04:43 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.01.21 14:04:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.01.21 14:04:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.01.21 14:04:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.01.21 14:04:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.01.21 14:04:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.01.21 14:04:36 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.01.21 14:04:36 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.01.21 14:04:36 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.01.21 14:04:36 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.01.21 14:04:36 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.01.21 14:04:36 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.01.21 14:04:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.01.21 14:04:35 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012.01.21 14:04:34 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.01.21 14:04:34 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.01.21 14:04:30 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.01.21 14:04:29 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.01.21 14:04:29 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.01.21 14:04:29 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.01.21 14:04:29 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.01.21 14:04:28 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.01.21 14:04:28 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.01.21 14:04:28 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.01.21 14:04:28 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.01.21 14:04:28 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.01.21 14:04:28 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.01.21 14:04:28 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.01.21 14:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.01.21 14:04:26 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.01.21 14:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.01.21 14:04:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.01.21 14:03:42 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Searches
[2012.01.21 14:01:01 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.01.21 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Identities
[2012.01.21 14:00:53 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Contacts
[2012.01.21 14:00:52 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\VirtualStore
[2012.01.21 14:00:49 | 000,000,000 | --SD | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Videos
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Saved Games
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Pictures
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Music
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Links
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Favorites
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Downloads
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Documents
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\Desktop
[2012.01.21 14:00:49 | 000,000,000 | R--D | C] -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Vorlagen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Verlauf
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Temporary Internet Files
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Startmenü
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\SendTo
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Recent
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Netzwerkumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Lokale Einstellungen
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Videos
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Musik
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Eigene Dateien
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Documents\Eigene Bilder
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Druckumgebung
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Cookies
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\AppData\Local\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -HSD | C] -- C:\Users\System-Admin\Anwendungsdaten
[2012.01.21 14:00:49 | 000,000,000 | -H-D | C] -- C:\Users\System-Admin\AppData
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Temp
[2012.01.21 14:00:49 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Microsoft
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.01.21 13:59:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.01.21 13:59:01 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2012.01.21 13:47:47 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\WindowsUpdate
[2012.01.21 13:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.01.21 13:42:56 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2012.01.21 13:41:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.01.21 13:41:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012.01.21 13:40:58 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.01.21 13:40:45 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.01.21 13:39:49 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.21 13:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2012.01.21 13:39:48 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.21 13:39:46 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2012.01.21 13:39:11 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2012.01.21 13:39:10 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.21 13:39:10 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.21 13:39:10 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.21 13:39:09 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.21 13:39:08 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.21 13:38:45 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2012.01.21 13:38:43 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.21 13:38:43 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.21 13:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.21 13:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.01.21 13:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2012.01.21 13:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012.01.21 13:28:46 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Mozilla
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Macromedia
[2012.01.21 13:21:36 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Roaming\Adobe
[2012.01.21 13:21:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.01.21 13:21:08 | 000,000,000 | ---D | C] -- C:\Users\System-Admin\AppData\Local\Mozilla
[2012.01.21 13:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.22 04:24:43 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.01.21 22:12:52 | 000,000,000 | ---- | M] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 21:22:50 | 001,445,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.21 21:22:50 | 000,628,430 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.21 21:22:50 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.21 21:22:50 | 000,126,236 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.21 21:22:50 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:35 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.21 21:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.21 19:31:46 | 000,300,676 | RHS- | M] () -- C:\AGWUD
[2012.01.21 19:13:10 | 000,256,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.21 18:59:29 | 000,000,887 | ---- | M] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:34:53 | 000,057,654 | ---- | M] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 17:59:29 | 000,001,116 | ---- | M] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2012.01.21 14:39:46 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2012.01.21 14:39:46 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2012.01.21 14:39:38 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:13:35 | 000,001,818 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:07:58 | 000,000,732 | ---- | M] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 14:07:29 | 000,032,079 | ---- | M] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:48 | 000,024,280 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:02:37 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2012.01.21 13:46:14 | 000,292,781 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.01.21 13:45:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:39:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:16:07 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2012.01.22 04:24:41 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2012.01.21 22:12:52 | 000,000,000 | ---- | C] () -- C:\Users\System-Admin\defogger_reenable
[2012.01.21 19:31:46 | 000,300,676 | RHS- | C] () -- C:\AGWUD
[2012.01.21 18:59:29 | 000,000,887 | ---- | C] () -- C:\Users\System-Admin\Desktop\ShotOnline.lnk
[2012.01.21 18:11:52 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.01.21 18:11:07 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.01.21 18:10:37 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.01.21 17:59:29 | 000,001,116 | ---- | C] () -- C:\Users\System-Admin\Desktop\Revo Uninstaller.lnk
[2012.01.21 17:40:41 | 000,001,733 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.01.21 17:08:02 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
[2012.01.21 15:43:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012.01.21 14:55:01 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2012.01.21 14:55:01 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2012.01.21 14:39:38 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.01.21 14:39:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.01.21 14:28:32 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2012.01.21 14:13:35 | 000,001,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hama Wireless LAN Utility.lnk
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.01.21 14:12:56 | 000,014,051 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2012.01.21 14:12:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.dll
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2012.01.21 14:12:48 | 000,000,451 | ---- | C] () -- C:\Windows\SysNative\DiagFunc.ini
[2012.01.21 14:09:12 | 000,057,654 | ---- | C] () -- C:\Windows\OEMLogo.bmp
[2012.01.21 14:05:52 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012.01.21 14:03:04 | 000,032,079 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.01.21 14:02:26 | 000,015,680 | ---- | C] () -- C:\Windows\SysNative\drivers\ASACPI.sys
[2012.01.21 14:02:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.01.21 14:02:20 | 000,024,280 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.21 14:01:05 | 000,000,949 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.01.21 14:01:02 | 000,000,979 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.01.21 14:01:01 | 000,000,974 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.01.21 14:00:53 | 000,000,915 | ---- | C] () -- C:\Users\System-Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.01.21 14:00:50 | 000,000,732 | ---- | C] () -- C:\Users\System-Admin\AppData\Local\d3d9caps64.dat
[2012.01.21 13:45:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.01.21 13:40:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.01.21 13:40:45 | 000,367,472 | RHS- | C] () -- C:\bootmgr
[2012.01.21 13:39:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.01.21 13:35:19 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.01.21 13:30:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.01.21 13:30:17 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.01.21 13:30:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.01.21 13:30:16 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.01.21 13:20:50 | 000,000,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.21 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.04.11 17:22:12 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.11 17:21:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.04.11 17:21:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.04.11 17:21:18 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2009.02.19 04:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe
[2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:34:20 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2012.01.21 17:54:00 | 000,000,000 | ---D | M] -- C:\Users\System-Admin\AppData\Roaming\ImgBurn
[2012.01.21 21:16:27 | 000,010,144 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2012.01.21 13:31:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.21 14:10:21 | 000,000,000 | ---D | M] -- C:\ATI Technologies
[2012.01.22 04:24:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 16:39:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2008.01.21 04:03:12 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.21 19:30:15 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.21 20:19:22 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.21 17:58:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.21 13:59:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.21 22:17:27 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.21 13:31:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.21 21:15:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.21 15:20:24 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=0CC146C4ADDEA45791B18B1E2659F4A9 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_35be4fb214130ed1\afd.sys
[2009.04.11 17:21:32 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=12415CCFD3E7CEC55B5184E67B039FE4 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_35f2572213ec5bd2\afd.sys
[2011.04.21 14:54:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=7B8E5F3A0626CA83B706F0738830845F -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_366a5ebb2d168a9d\afd.sys
[2011.04.21 14:42:48 | 000,407,552 | ---- | M] (Microsoft Corporation) MD5=9BB97042FA331A0FB4BDD98B9280A50A -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_33ef7c5016dab752\afd.sys
[2011.04.21 14:47:41 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=B53144D2EBB0843DD0436F5EA6953F65 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_34958b832fe3983b\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 17:21:45 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 17:22:03 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 03:48:50 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 03:48:09 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 17:22:11 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 17:22:36 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
The only MBAM log:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.21.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
System-Admin :: SYSTEM-ADMIN-PC [Administrator]

21.01.2012 19:35:55
mbam-log-2012-01-21 (19-35-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367898
Laufzeit: 36 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
All tools were run from the user account, but with administrator rights.

Thanks in advance for the help.
__________________
PC

Operating system: Microsoft Windows 8.1

Smartphone:

Hardware: iPhone 5s | Operating system: iOS 8.2

Last edited by DasKnuffel (21.01.2012 at 21:39)

Old 22.01.2012, 01:57   #2
Larusso
/// Selecta Jahrusso

Win32:malware-gen - Default

Win32:malware-gen

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I do not receive a reply from you to this or any further answer within 3 days, I will remove the thread from my subscriptions.
  • Only run scans that a helper asks you to run, and do not install or uninstall any software without being asked.
  • Post the logfiles directly in your thread and not as an attachment, unless you were asked to. That makes the analysis harder for me.

Please have the file from the code box checked at VirusTotal.
  • Click Browse
  • Now copy the following into the search bar.
    Code:
    ATTFilter
    C:\Windows\system32\wextract.exe
             
  • and click Open.
  • Click Send File.
Please wait until the file has been fully uploaded. If you get the following message:
Quote:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
click Reanalyse.
Wait until Current status: shows Finished.

Copy the link from your address bar and post it here.

Old 22.01.2012, 05:46   #3
DasKnuffel

Win32:malware-gen - Default

Win32:malware-gen

Good morning,

https://www.virustotal.com/file/a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8/analysis/

Code:
ATTFilter
SHA256: 	a04f7d6b69fbafb57d9571926008f7e615b486ddd1cf074ca0aec5dc4b795aa8
Detection ratio: 	2 / 43
Analysis date: 	2012-01-22 05:43:23 UTC ( 2 minutes ago )

Antivirus 	Result 	Update
AhnLab-V3 	- 	20120121
AntiVir 	- 	20120120
Antiy-AVL 	- 	20120121
Avast 	Win32:Malware-gen 	20120121
AVG 	- 	20120122
BitDefender 	- 	20120122
ByteHero 	- 	20120120
CAT-QuickHeal 	- 	20120121
ClamAV 	- 	20120121
Commtouch 	- 	20120122
Comodo 	- 	20120121
DrWeb 	- 	20120122
Emsisoft 	- 	20120122
eSafe 	- 	20120120
eTrust-Vet 	- 	20120121
F-Prot 	- 	20120121
F-Secure 	- 	20120122
Fortinet 	- 	20120122
GData 	Win32:Malware-gen 	20120122
Ikarus 	- 	20120121
Jiangmin 	- 	20120121
K7AntiVirus 	- 	20120120
Kaspersky 	- 	20120122
McAfee 	- 	20120122
McAfee-GW-Edition 	- 	20120121
Microsoft 	- 	20120122
NOD32 	- 	20120122
Norman 	- 	20120121
nProtect 	- 	20120121
Panda 	- 	20120121
PCTools 	- 	20120122
Prevx 	- 	20120122
Rising 	- 	20120118
Sophos 	- 	20120122
SUPERAntiSpyware 	- 	20120121
Symantec 	- 	20120122
TheHacker 	- 	20120122
TrendMicro 	- 	20120122
TrendMicro-HouseCall 	- 	20120122
VBA32 	- 	20120120
VIPRE 	- 	20120122
ViRobot 	- 	20120121
VirusBuster 	- 	20120121
         

Last edited by DasKnuffel (22.01.2012 at 06:28)
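The VirusTotal table pasted above uses a simple three-column tab-separated layout (Antivirus / Result / Update, with "-" for no detection). As an added example that is not from the thread and not VirusTotal's own tooling, the following Python snippet parses a constructed excerpt in that layout and applies the triage a helper does before acting on such a result: count the hits, collapse vendors that share an engine (it assumes that GData's scanner of that era bundled the Avast engine), and flag the result as low-confidence when the only hits are generic "-gen" signatures from a single engine family.

```python
"""Triage a pasted VirusTotal result table (added example, not from the thread).

The table layout is the one the poster pasted: three tab-separated columns,
Antivirus / Result / Update, where "-" means "no detection".
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the poster's layout (shortened; values illustrative).
SAMPLE_TABLE = (
    "Antivirus \tResult \tUpdate\n"
    "AhnLab-V3 \t- \t20120121\n"
    "Avast \tWin32:Malware-gen \t20120121\n"
    "AVG \t- \t20120122\n"
    "GData \tWin32:Malware-gen \t20120122\n"
    "Kaspersky \t- \t20120122\n"
    "Microsoft \t- \t20120122\n"
    "Sophos \t- \t20120122\n"
)

# Assumption: at the time GData bundled the Avast engine, so its verdict is
# correlated with Avast's rather than an independent second opinion.
SHARED_ENGINES: Dict[str, str] = {"GData": "Avast"}


@dataclass
class Verdict:
    vendor: str
    result: Optional[str]   # None when the vendor reported "-"
    update: str             # signature database date as pasted


def parse_vt_table(text: str) -> List[Verdict]:
    """Parse the tab-separated table; skips the header and blank lines."""
    verdicts = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("\t")]
        if len(cols) != 3 or cols[0] == "Antivirus":
            continue
        vendor, result, update = cols
        verdicts.append(Verdict(vendor, None if result == "-" else result, update))
    return verdicts


def triage(verdicts: List[Verdict]) -> Dict[str, object]:
    """Summarise the table the way a helper reads it before acting on it."""
    detections = [v for v in verdicts if v.result is not None]
    # Collapse vendors that share an engine into one family.
    families = {SHARED_ENGINES.get(v.vendor, v.vendor) for v in detections}
    # Avast-style "-gen" names are generic/heuristic signatures, not a
    # match on a specific known sample.
    all_generic = bool(detections) and all(
        v.result.lower().endswith("-gen") for v in detections)
    return {
        "engines": len(verdicts),
        "detections": len(detections),
        "independent_detections": len(families),
        "all_generic": all_generic,
        # Hint only: one engine family with a generic signature is the
        # typical shape of a false positive; reanalyse and check the
        # file's origin before any removal step.
        "low_confidence": len(families) <= 1 and all_generic,
    }


if __name__ == "__main__":
    print(triage(parse_vt_table(SAMPLE_TABLE)))
```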

Old 22.01.2012, 20:08   #4
Larusso
/// Selecta Jahrusso

Win32:malware-gen - Default

Win32:malware-gen

False positive...
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 23.01.2012, 02:01   #5
DasKnuffel

Win32:malware-gen - Default

Win32:malware-gen

Good, thanks
