Pests of all kinds and how to fight them: Malware in the source code (Windows 7)

If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
04.03.2013, 19:58 | #16
/// Malware-holic | Malware in the source code

Uninstall: Adobe Flash Player (all Adobe entries). Adobe Flash Player: download the latest version and install it.
Uninstall: Adobe Reader XI, GIMP, Hexonic, Nvu, PaperPort.
Open CCleaner, analyse, run, restart the PC.
Please download AdwCleaner to your desktop.
__________________
- Suspicious mails: please forward them to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us
05.03.2013, 09:42 | #17
| Malware in the source code

AdwCleaner:
Code:
# AdwCleaner v2.114 - Datei am 05/03/2013 um 09:39:05 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : RittBorusse - Z600-WORKSTATIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\RittBorusse\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [793 octets] - [05/03/2013 09:39:05]

########## EOF - C:\AdwCleaner[S1].txt - [852 octets] ##########
05.03.2013, 18:55 | #18
/// Malware-holic | Malware in the source code

Hi,

HitmanPro - Download - Filepony
Download it, double-click, License, Trial license. Click Scan, delete nothing. Click Next, export the log as XML and post it, or pack it and attach it.
__________________
06.03.2013, 11:26 | #19
| Malware in the source code

HitmanPro:
Code:
HitmanPro 3.7.2.190
www.hitmanpro.com

   Computer name . . . . : Z600-WORKSTATIO
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Z600-WorkStatio\RittBorusse
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-03-06 11:23:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 0s
   Disk access mode . .  : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . .  : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 19

   Objects scanned . . . : 847.783
   Files scanned . . . . : 9.896
   Remnants scanned  . . : 135.797 files / 702.090 keys

Cookies _____________________________________________________________________

   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:ad.360yield.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:ad.zanox.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:apmebf.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:at.atwola.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:casalemedia.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:collective-media.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:doubleclick.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:invitemedia.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:media6degrees.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:mediaplex.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:olympiaverlag.122.2o7.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:revsci.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:serving-sys.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:specificclick.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:statcounter.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:track.adform.net
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:tradedoubler.com
   C:\Users\RittBorusse\AppData\Roaming\Mozilla\Firefox\Profiles\ie3tjsxu.default\cookies.sqlite:zedo.com
06.03.2013, 17:32 | #20
/// Malware-holic | Malware in the source code

Everything looks fine; final OTL log, please.
__________________
07.03.2013, 09:23 | #21
| Malware in the source code

OTL.txt:
Code:
OTL logfile created on: 07.03.2013 09:10:19 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RittBorusse\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,42% Memory free
5,98 Gb Paging File | 4,73 Gb Available in Paging File | 79,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274,45 Gb Total Space | 222,38 Gb Free Space | 81,03% Space Free | Partition Type: NTFS
Drive D: | 505,53 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 465,76 Gb Total Space | 264,74 Gb Free Space | 56,84% Space Free | Partition Type: NTFS

Computer Name: Z600-WORKSTATIO | User Name: RittBorusse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.03.01 16:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST\AvastSvc.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.07.22 00:00:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brss01a.exe
PRC - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\Windows\SysWOW64\brsvc01a.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.05 09:52:19 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2013.02.27 16:34:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004.06.14 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.15 18:42:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.02.15 18:41:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 CC D4 A6 9D 0B CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST\WebRep\FF [2013.02.20 18:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 16:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 17:18:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 16:34:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 16:34:01 | 000,000,000 | ---D | M]

[2013.02.15 17:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RittBorusse\AppData\Roaming\mozilla\Extensions
[2013.02.20 18:46:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF

O1 HOSTS File: ([2013.03.01 18:07:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [Installation Diagnostics] C:\Program Files (x86)\Brother\Brmfl05a\Brinstck.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E91950-006E-4A36-B9C6-E1CBCBD53A6F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBAC76CE-B851-4EA9-8273-6536F63A789A}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.09.14 07:47:16 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.03.07 09:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.06 12:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2013.03.06 12:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Jasc Software Inc
[2013.03.06 12:01:22 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\Eigene PSP-Dateien
[2013.03.06 12:01:21 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Jasc Software Inc
[2013.03.06 11:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.03.06 10:07:35 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Diagnostics
[2013.03.06 08:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.03.06 08:39:21 | 009,565,552 | ---- | C] (SurfRight B.V.) -- C:\Users\RittBorusse\Desktop\HitmanPro_x64.exe
[2013.03.05 13:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2013.03.05 13:17:39 | 000,056,320 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysWow64\brinsstr.dll
[2013.03.05 13:17:22 | 000,055,296 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BrNetSti.dll
[2013.03.05 13:17:22 | 000,037,376 | ---- | C] (Brother Industries,Ltd) -- C:\Windows\SysWow64\Brnsplg.dll
[2013.03.05 13:17:22 | 000,034,816 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\SysWow64\BrWiaNCp.dll
[2013.03.05 13:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2013.03.05 13:17:20 | 000,163,840 | ---- | C] (brother) -- C:\Windows\SysWow64\NSSearch.dll
[2013.03.05 13:17:20 | 000,147,456 | ---- | C] (Brother Industries,Ltd.) -- C:\Windows\brunin03.dll
[2013.03.05 13:17:20 | 000,000,000 | ---D | C] -- C:\Brother
[2013.03.05 13:16:26 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\InstallShield
[2013.03.05 13:16:09 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\DCP-115C
[2013.03.05 12:44:47 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\mflpro
[2013.03.05 12:40:50 | 000,000,000 | ---D | C] -- C:\temp
[2013.03.05 10:21:13 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Virtual Machines
[2013.03.05 10:15:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2013.03.05 10:15:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2013.03.05 10:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2013.03.05 09:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013.03.05 09:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia Shared
[2013.03.05 09:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia
[2013.03.05 09:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia
[2013.03.05 09:50:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Macromedia
[2013.03.05 09:25:08 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Brother
[2013.03.05 09:21:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.04 08:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.03 09:38:57 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Malwarebytes
[2013.03.03 09:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.03 09:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.03 09:38:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.03 09:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 18:28:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.01 18:09:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.01 18:03:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.01 18:03:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.01 18:03:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.01 18:03:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.01 18:03:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.01 18:00:29 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\RittBorusse\Desktop\ComboFix.exe
[2013.03.01 17:41:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\RittBorusse\Desktop\tdsskiller.exe
[2013.03.01 17:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.01 17:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.01 16:51:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe
[2013.02.28 15:36:40 | 000,188,928 | ---- | C] (Brother Industries,ltd) -- C:\Windows\SysNative\bsplmz01.exe
[2013.02.28 15:36:40 | 000,179,200 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrWia09a.dll
[2013.02.28 15:36:40 | 000,161,280 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\SysNative\bsplmz01.dll
[2013.02.28 15:36:40 | 000,057,344 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brsvc01a.exe
[2013.02.28 15:36:40 | 000,050,176 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrUsi09a.dll
[2013.02.28 15:36:40 | 000,045,056 | ---- | C] (brother Industries Ltd) -- C:\Windows\SysWow64\brss01a.exe
[2013.02.28 15:34:25 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\ElevatedDiagnostics
[2013.02.27 17:32:04 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jasc Software
[2013.02.27 17:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc Software Inc
[2013.02.27 17:30:10 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\PSP7
[2013.02.27 17:29:36 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\WinRAR
[2013.02.27 17:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.27 17:29:35 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.02.27 17:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.02.27 16:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.27 16:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.02.26 17:58:16 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\dvdcss
[2013.02.26 17:14:46 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Nvu
[2013.02.20 18:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast!
Free Antivirus [2013.02.20 18:47:47 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.02.20 18:47:46 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.02.20 18:47:43 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.02.20 18:47:42 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.02.20 18:47:41 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.02.20 18:47:37 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.02.20 18:47:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.02.20 18:46:38 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.20 18:46:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013.02.20 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.02.20 18:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST [2013.02.20 18:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasc PaintShopPro [2013.02.20 17:39:36 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\handball_andre [2013.02.20 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Thunderbird [2013.02.20 17:18:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Thunderbird [2013.02.20 17:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\IrfanView [2013.02.20 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013.02.16 11:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.02.16 
11:08:44 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\.thumbnails [2013.02.16 11:07:39 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\fontconfig [2013.02.16 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\gegl-0.2 [2013.02.16 11:07:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\.gimp-2.8 [2013.02.16 11:06:45 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Programs [2013.02.16 10:59:06 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Allianz [2013.02.16 10:12:33 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Hitman 2 [2013.02.16 10:11:13 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Desktop\Wacken 2009 - DVD [2013.02.16 10:04:22 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\My eBooks [2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\InterTrust [2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.02.16 10:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.16 10:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.16 09:58:48 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\Hexonic ScanToPDF Dokumente [2013.02.16 09:58:38 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Hexonic_Software [2013.02.16 09:58:37 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Hexonic Software [2013.02.16 09:55:50 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Documents\Scanned Documents [2013.02.16 09:55:49 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\Documents\Fax [2013.02.16 09:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013.02.16 09:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScanSoft [2013.02.16 09:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.16 09:49:33 | 
000,000,000 | ---D | C] -- C:\ProgramData\Brother [2013.02.15 19:38:03 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\FileZilla [2013.02.15 19:37:52 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.02.15 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.02.15 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013.02.15 19:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2013.02.15 19:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.02.15 19:26:57 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Winamp [2013.02.15 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013.02.15 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock [2013.02.15 19:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock [2013.02.15 19:03:16 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\vlc [2013.02.15 19:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.15 19:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.02.15 18:51:08 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\NVIDIA [2013.02.15 18:50:56 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Risen [2013.02.15 18:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.02.15 18:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.02.15 18:41:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2013.02.15 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.02.15 18:40:53 | 
000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.02.15 18:34:58 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Macromedia [2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Macromedia [2013.02.15 18:02:28 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Adobe [2013.02.15 18:01:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.02.15 18:01:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.02.15 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Mozilla [2013.02.15 17:59:51 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Mozilla [2013.02.15 17:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.02.15 17:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.15 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\VirtualStore [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Vorlagen [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Verlauf [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Temporary Internet Files [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Startmenü [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\SendTo [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Recent [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Netzwerkumgebung [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Lokale Einstellungen [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Videos [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Musik [2013.02.15 17:56:55 | 000,000,000 | -HSD | 
C] -- C:\Users\RittBorusse\Eigene Dateien [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Documents\Eigene Bilder [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Druckumgebung [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Cookies [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\AppData\Local\Anwendungsdaten [2013.02.15 17:56:55 | 000,000,000 | -HSD | C] -- C:\Users\RittBorusse\Anwendungsdaten [2013.02.15 17:56:53 | 000,000,000 | --SD | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Videos [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Searches [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Saved Games [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Pictures [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Music [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Links [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Favorites [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Downloads [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Documents [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Desktop [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\Contacts [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.15 17:56:53 | 000,000,000 | R--D | C] -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Accessories [2013.02.15 17:56:53 | 000,000,000 | -H-D | C] -- C:\Users\RittBorusse\AppData [2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Temp [2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Local\Microsoft [2013.02.15 17:56:53 | 000,000,000 | ---D | C] -- C:\Users\RittBorusse\AppData\Roaming\Identities [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.15 17:55:26 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.02.15 17:55:26 | 000,000,000 | ---D | C] -- C:\Recovery [2013.02.15 17:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2013.03.07 08:44:52 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 08:44:52 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.07 08:44:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.06 14:35:38 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.06 14:35:38 | 000,645,502 | ---- | M] () -- 
C:\Windows\SysNative\perfh007.dat [2013.03.06 14:35:38 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.06 14:35:38 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.06 14:35:38 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.06 14:31:08 | 2409,013,248 | -HS- | M] () -- C:\hiberfil.sys [2013.03.06 08:39:39 | 009,565,552 | ---- | M] (SurfRight B.V.) -- C:\Users\RittBorusse\Desktop\HitmanPro_x64.exe [2013.03.05 13:18:20 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf05a.dat [2013.03.05 12:57:04 | 000,000,039 | ---- | M] () -- C:\Windows\WININIT.INI [2013.03.05 12:49:11 | 000,115,610 | ---- | M] () -- C:\Users\RittBorusse\Desktop\plakat_limbach.jpg [2013.03.05 12:46:09 | 000,000,468 | ---- | M] () -- C:\Windows\BRWMARK.INI [2013.03.05 12:40:44 | 000,081,920 | ---- | M] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2013.03.05 09:38:11 | 000,597,667 | ---- | M] () -- C:\Users\RittBorusse\Desktop\adwcleaner.exe [2013.03.05 09:23:17 | 000,251,521 | ---- | M] () -- C:\Users\RittBorusse\Desktop\plakat1.psp [2013.03.05 09:10:03 | 000,018,605 | ---- | M] () -- C:\Users\RittBorusse\Desktop\563511_506575722715141_962190548_n.jpg [2013.03.04 08:50:49 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 09:38:51 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 18:07:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.01 18:01:04 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\RittBorusse\Desktop\ComboFix.exe [2013.03.01 17:41:47 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\RittBorusse\Desktop\tdsskiller.exe [2013.03.01 16:51:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RittBorusse\Desktop\OTL.exe [2013.03.01 16:12:43 | 000,020,051 | ---- | M] () -- C:\Users\RittBorusse\AppData\Local\recently-used.xbel [2013.02.28 15:37:48 | 000,000,030 | ---- | M] () -- 
C:\Windows\SysWow64\brss01a.ini [2013.02.28 15:37:47 | 000,000,184 | ---- | M] () -- C:\Windows\SysWow64\brsvc01a.bsi [2013.02.28 15:37:47 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI [2013.02.27 21:11:33 | 000,111,716 | ---- | M] () -- C:\Users\RittBorusse\Desktop\plakat1.jpg [2013.02.26 17:06:09 | 000,274,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.20 18:47:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.02.20 18:10:15 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2013.02.16 11:35:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.16 11:35:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.15 18:42:00 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.02.15 18:41:58 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.02.15 17:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.15 17:45:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2013.03.05 13:17:20 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll [2013.03.05 13:17:20 | 000,006,224 | ---- | C] () -- C:\Windows\CVRPAGE.bmp [2013.03.05 12:57:04 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2013.03.05 12:49:10 | 000,115,610 | ---- | C] () -- C:\Users\RittBorusse\Desktop\plakat_limbach.jpg [2013.03.05 12:40:44 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2013.03.05 09:38:04 | 000,597,667 | ---- | C] () -- C:\Users\RittBorusse\Desktop\adwcleaner.exe [2013.03.05 09:10:01 | 000,018,605 | ---- | C] () -- C:\Users\RittBorusse\Desktop\563511_506575722715141_962190548_n.jpg [2013.03.04 08:50:49 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.03 09:38:51 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.01 18:03:43 | 
000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.01 18:03:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.01 18:03:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.01 18:03:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.01 18:03:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.01 17:48:35 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl [2013.03.01 16:12:43 | 000,020,051 | ---- | C] () -- C:\Users\RittBorusse\AppData\Local\recently-used.xbel [2013.02.28 15:37:49 | 000,000,050 | ---- | C] () -- C:\Windows\SysNative\bridf05a.dat [2013.02.28 15:37:48 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\brss01a.ini [2013.02.28 15:37:47 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI [2013.02.28 15:37:47 | 000,000,184 | ---- | C] () -- C:\Windows\SysWow64\brsvc01a.bsi [2013.02.28 15:37:47 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2013.02.27 21:11:33 | 000,111,716 | ---- | C] () -- C:\Users\RittBorusse\Desktop\plakat1.jpg [2013.02.27 17:55:07 | 000,251,521 | ---- | C] () -- C:\Users\RittBorusse\Desktop\plakat1.psp [2013.02.20 18:47:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.02.20 18:09:47 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys [2013.02.16 11:35:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.16 11:35:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.16 11:01:02 | 000,000,000 | ---- | C] () -- C:\Windows\cs3marked32 [2013.02.16 10:21:00 | 4083,433,472 | ---- | C] () -- C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.Die.Rückkehr.des.Königs.Extended.Edition.German.AC3.HDRip.XViD.avi [2013.02.16 10:16:59 | 3141,494,784 | ---- | C] () -- C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.Die.Gefaehrten.Extended.Edition.German.AC3.HDRip.XViD-FuN.avi [2013.02.16 10:11:15 | 3141,414,912 | ---- | C] () -- 
C:\Users\RittBorusse\Desktop\Der.Herr.der.Ringe.2.Die.Zwei.Tuerme.Extended.Edition.German.AC3.HDRip.XViD-FuN.avi [2013.02.16 10:04:25 | 000,001,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk [2013.02.15 18:41:59 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.02.15 18:41:58 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.02.15 17:59:38 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.15 17:56:54 | 000,001,446 | ---- | C] () -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.15 17:56:54 | 000,001,412 | ---- | C] () -- C:\Users\RittBorusse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] 
/64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.05 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\FileZilla [2013.02.16 09:59:17 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Hexonic Software [2013.02.16 10:04:20 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\InterTrust [2013.02.20 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\IrfanView [2013.02.26 17:15:23 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Nvu [2013.02.20 17:18:08 | 000,000,000 | ---D | M] -- C:\Users\RittBorusse\AppData\Roaming\Thunderbird ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2013.03.05 11:02:21 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2013.03.05 13:17:20 | 000,000,000 | ---D | M] -- C:\Brother [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.02.15 17:55:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.06 11:22:52 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.07 09:04:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.06 08:39:47 | 000,000,000 | ---D | M] -- C:\ProgramData [2013.02.15 17:55:26 | 000,000,000 | -HSD | M] -- C:\Programme [2013.03.01 18:09:22 | 000,000,000 | ---D | M] -- C:\Qoobox [2013.02.15 17:55:26 | 000,000,000 | ---D | M] -- C:\Recovery [2012.12.03 10:27:53 | 000,000,000 | ---D | M] -- C:\RPKTools [2013.03.07 09:11:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.03.05 12:40:50 | 000,000,000 | ---D | M] -- C:\temp [2012.12.03 10:27:53 | 000,000,000 | ---D | M] -- C:\Tools [2013.03.05 11:01:20 | 000,000,000 | R--D | M] -- C:\Users [2013.03.06 14:31:25 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,013,230 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- 
C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\erdnt\cache86\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2013.03.07 09:12:18 | 001,835,008 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT
[2013.03.07 09:12:18 | 000,262,144 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.dat.LOG1
[2013.02.15 17:56:55 | 000,000,000 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.dat.LOG2
[2013.02.15 18:58:12 | 000,065,536 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2013.02.15 18:58:12 | 000,524,288 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2013.02.15 18:58:12 | 000,524,288 | -HS- | M] () -- C:\Users\RittBorusse\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.11.21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\RittBorusse\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
< End of report > |
08.03.2013, 20:39 | #22 |
/// Malware-holic | Malware in the source code Hi, OTL fix: Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
:files
:Commands
[emptytemp]
Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers that may be installed. Test how the PC and programs run in general.