Facebook Trojaner

paolo6 · 25.10.2011, 15:48

Hallo,
wie ich schon in anderen Beiträgen gelesen habe,haben mehrere auf den Facebooklink geklickt-mich eingeschlossen.
Hier ist das Miststück:hxxp://www.ukseikatsu.com/images/images.php?image=IMG07835693.JPG
Seitdem werde ich dauernd zu Werbeseiten weitergeleitet und mein Internet funktioniert nicht mehr richtig,soll heißen es ist langsamer.
Ich hoffe ihr lieben Leute in diesem Board könnt mir helfen,ich wäre euch wirklich sehr dankbar!

Ich hänge noch ein paar Scans an:

nochmal nach anweisung,leider zu groß als anhang:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.10.2011 18:28:28 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Paolo\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,16% Memory free
7,43 Gb Paging File | 6,17 Gb Available in Paging File | 83,09% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 41,40 Gb Free Space | 17,78% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive L: | 297,99 Gb Total Space | 15,58 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
 
Computer Name: PAOLO-PC | User Name: Paolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.25 16:28:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paolo\Downloads\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.03.29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.04.11 00:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.22 11:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (ALSysIO)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.04.25 13:17:36 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.03.22 18:56:36 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2010.02.27 17:08:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.03.07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.12.17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007.07.11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007.07.11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006.10.18 13:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005.03.04 19:15:54 | 000,077,072 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600obex.sys -- (k600obex)
DRV - [2005.03.04 19:13:46 | 000,079,248 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2005.03.04 19:11:26 | 000,087,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2005.03.04 19:11:20 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2005.03.04 19:08:50 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
DRV - [2004.01.28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.01 22:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.25 15:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.20 17:37:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.01 22:31:08 | 000,000,000 | ---D | M]
 
[2011.10.25 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paolo\AppData\Roaming\mozilla\Extensions
[2011.10.25 15:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paolo\AppData\Roaming\mozilla\Firefox\Profiles\csp8czxl.default\extensions
[2011.10.25 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.15 22:03:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.15 22:03:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.05 14:16:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 15:41:40 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.08 09:50:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.15 15:31:55 | 000,391,971 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 13541 more lines...
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: New Application = C:\Users\Paolo\Desktop\standard prog\Core Temp.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B312908-BB77-43FD-9B45-3F2A7F0B5E48}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Paolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - L:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8cdee513-23c4-11df-b87b-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdee513-23c4-11df-b87b-001bfc37cde0}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{a45f8eb6-2219-11df-8fc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a45f8eb6-2219-11df-8fc0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe
O33 - MountPoints2\{c3cc6206-cd5b-11e0-afe4-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cc6206-cd5b-11e0-afe4-001bfc37cde0}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c3cc620e-cd5b-11e0-afe4-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cc620e-cd5b-11e0-afe4-001bfc37cde0}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dv25 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dvh1 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV100.dll (Matrox Electronic Systems)
Drivers32: vidc.dvsd - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: VIDC.FFDS - L:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.M101 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfw.dll (Matrox Electronic Systems)
Drivers32: vidc.M102 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M103 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwYUVA.dll (Matrox Electronic Systems)
Drivers32: vidc.M104 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwYUVAHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M301 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwRefAVI.dll (Matrox Electronic Systems)
Drivers32: vidc.M701 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HD.dll (Matrox Electronic Systems)
Drivers32: vidc.M702 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDOffLine.dll (Matrox Electronic Systems)
Drivers32: vidc.M703 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDV.dll (Matrox Electronic Systems)
Drivers32: vidc.M704 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2Alpha.dll (Matrox Electronic Systems)
Drivers32: vidc.M705 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2AlphaHD.dll (Matrox Electronic Systems)
Drivers32: vidc.MJPG - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMjpeg.dll (Matrox Electronic Systems)
Drivers32: vidc.MMES - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2.dll (Matrox Electronic Systems)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.25 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\Malwarebytes
[2011.10.25 16:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.25 16:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.25 16:14:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.25 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.25 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\SUPERAntiSpyware.com
[2011.10.25 11:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.10.25 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.10.25 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.10.25 08:54:27 | 000,000,000 | RHSD | C] -- C:\Users\Paolo\M-1-52-5782-8752-5245
[2011.10.15 10:48:49 | 000,000,000 | ---D | C] -- C:\Users\Paolo\Desktop\Batman Arkham Asylum
[2011.10.14 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Paolo\Desktop\Steamless CounterStrikeSource Pack
[2011.10.01 15:47:46 | 000,000,000 | ---D | C] -- C:\Windows\RazorDOX
[2011.09.27 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.09.27 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.09.27 15:54:50 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.09.27 15:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.09.27 15:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Paolo\AppData\Local\*.tmp files -> C:\Users\Paolo\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.25 18:18:44 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.25 18:18:44 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.25 18:18:44 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.25 18:18:44 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.25 18:13:02 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.10.25 18:12:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 18:12:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 18:12:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.25 18:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 18:12:25 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.25 17:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.25 16:15:00 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 15:36:45 | 000,090,624 | ---- | M] () -- C:\Users\Paolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.25 14:40:41 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.25 11:53:40 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.25 11:26:48 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.23 13:08:57 | 000,026,902 | ---- | M] () -- C:\Users\Paolo\Documents\anfang wikinger.odt
[2011.10.18 23:30:32 | 000,000,865 | ---- | M] () -- C:\Users\Paolo\Desktop\iw3mp.exe - Verknüpfung.lnk
[2011.10.13 20:01:19 | 000,011,878 | ---- | M] () -- C:\Users\Paolo\Documents\französisch.odt
[2011.10.13 16:25:10 | 000,263,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 17:32:29 | 080,044,796 | ---- | M] () -- C:\Users\Paolo\Documents\kunst.odt
[2011.10.10 18:57:33 | 000,017,518 | ---- | M] () -- C:\Users\Paolo\Documents\geschi eric.odt
[2011.10.08 13:36:32 | 000,024,997 | ---- | M] () -- C:\Users\Paolo\Documents\ethik.odt
[2011.10.07 16:42:21 | 000,015,695 | ---- | M] () -- C:\Users\Paolo\Documents\DAV.odt
[2011.10.05 18:34:32 | 000,596,352 | ---- | M] () -- C:\Users\Paolo\Documents\Scannen0001.jpg
[2011.10.04 19:38:03 | 000,010,343 | ---- | M] () -- C:\Users\Paolo\.recently-used.xbel
[2011.10.03 11:18:05 | 000,028,240 | ---- | M] () -- C:\Users\Paolo\Documents\biologie.odt
[2011.09.29 18:53:00 | 001,412,382 | ---- | M] () -- C:\Users\Paolo\Documents\chemie1.jpg
[2011.09.28 16:27:24 | 000,000,908 | ---- | M] () -- C:\Users\Paolo\Desktop\Crysis2Launcher.exe - Verknüpfung.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Paolo\AppData\Local\*.tmp files -> C:\Users\Paolo\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.25 16:15:00 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 14:40:40 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.25 14:40:40 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.25 11:26:48 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.13 19:17:35 | 000,000,865 | ---- | C] () -- C:\Users\Paolo\Desktop\iw3mp.exe - Verknüpfung.lnk
[2011.10.11 21:13:01 | 000,011,878 | ---- | C] () -- C:\Users\Paolo\Documents\französisch.odt
[2011.10.10 18:52:24 | 000,017,518 | ---- | C] () -- C:\Users\Paolo\Documents\geschi eric.odt
[2011.10.09 15:56:14 | 080,044,796 | ---- | C] () -- C:\Users\Paolo\Documents\kunst.odt
[2011.10.08 20:43:36 | 000,026,902 | ---- | C] () -- C:\Users\Paolo\Documents\anfang wikinger.odt
[2011.10.07 16:42:20 | 000,015,695 | ---- | C] () -- C:\Users\Paolo\Documents\DAV.odt
[2011.10.06 15:14:04 | 000,024,997 | ---- | C] () -- C:\Users\Paolo\Documents\ethik.odt
[2011.10.05 18:32:02 | 000,596,352 | ---- | C] () -- C:\Users\Paolo\Documents\Scannen0001.jpg
[2011.10.04 19:38:03 | 000,010,343 | ---- | C] () -- C:\Users\Paolo\.recently-used.xbel
[2011.09.30 23:22:47 | 000,028,240 | ---- | C] () -- C:\Users\Paolo\Documents\biologie.odt
[2011.09.29 18:54:36 | 001,412,382 | ---- | C] () -- C:\Users\Paolo\Documents\chemie1.jpg
[2011.09.28 16:27:24 | 000,000,908 | ---- | C] () -- C:\Users\Paolo\Desktop\Crysis2Launcher.exe - Verknüpfung.lnk
[2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.05.04 15:26:04 | 000,000,093 | ---- | C] () -- C:\Users\Paolo\AppData\Local\fusioncache.dat
[2011.04.27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.04.10 10:08:39 | 000,000,000 | ---- | C] () -- C:\Program Files\DVD Flick
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.02.22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.22 21:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.05 15:25:19 | 000,362,029 | ---- | C] () -- C:\Windows\System32\SQLite3.dll
[2010.11.11 07:50:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2010.05.31 14:14:48 | 001,556,992 | ---- | C] () -- C:\Windows\is-U5STP.exe
[2010.05.31 14:09:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.26 15:12:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.04.26 15:12:23 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.04.26 15:11:51 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.04.22 15:11:24 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.04.09 12:40:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\fldlckun.exe
[2010.03.28 15:55:09 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.22 18:56:36 | 000,004,484 | ---- | C] () -- C:\Windows\System32\drivers\cpuidlep.sys
[2010.03.15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.03.13 13:09:56 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.03.01 22:30:53 | 000,023,661 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.02.28 21:16:53 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.02.28 21:16:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.28 21:15:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.28 16:40:04 | 000,162,766 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010.02.28 11:19:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.27 17:09:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.27 16:58:18 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.02.27 15:58:13 | 000,090,624 | ---- | C] () -- C:\Users\Paolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 17:22:22 | 000,001,356 | ---- | C] () -- C:\Users\Paolo\AppData\Local\d3d9caps.dat
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.11 23:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\System32\ac3filter_intl.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007.09.05 20:26:30 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:42:41 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,263,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.04 06:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\System32\OptimFROG.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.03.15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\.visualvm
[2010.05.30 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ashampoo
[2010.03.10 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Auslogics
[2011.08.01 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\avidemux
[2011.08.02 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Avnex
[2011.08.05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Babylon
[2011.08.02 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Broad Intelligence
[2011.03.16 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\calibre
[2010.05.31 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Canneverbe Limited
[2010.03.01 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DAEMON Tools Lite
[2010.05.31 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DeepBurner
[2011.09.12 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVDVideoSoft
[2010.05.01 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\GlarySoft
[2011.10.04 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\gtk-2.0
[2011.09.21 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze
[2011.10.13 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\ICQ
[2011.09.18 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\inkscape
[2010.03.17 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\KompoZer
[2010.06.19 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\LG Electronics
[2010.02.28 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\OpenOffice.org
[2011.10.09 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\PhotoScape
[2010.10.23 13:40:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Stardock
[2010.06.20 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Teleca
[2011.09.13 17:45:12 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\The Creative Assembly
[2011.09.27 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.08.01 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\VistaCodecs
[2011.08.23 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Vodafone
[2011.08.02 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinFF
[2011.10.25 18:13:02 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.10.25 17:10:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\.visualvm
[2010.08.06 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Adobe
[2011.09.20 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Apple Computer
[2010.05.30 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ashampoo
[2010.03.10 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Auslogics
[2011.08.01 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\avidemux
[2011.08.02 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Avnex
[2011.08.05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Babylon
[2011.08.02 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Broad Intelligence
[2011.03.16 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\calibre
[2010.05.31 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Canneverbe Limited
[2010.03.01 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DAEMON Tools Lite
[2010.05.31 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DeepBurner
[2010.06.28 10:49:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DivX
[2010.05.31 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVD Flick
[2011.06.27 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\dvdcss
[2011.09.12 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVDVideoSoft
[2010.05.01 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\GlarySoft
[2011.10.04 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\gtk-2.0
[2011.09.21 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze
[2010.03.07 16:07:13 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\HP
[2010.04.22 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\HPAppData
[2011.10.13 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\ICQ
[2010.02.25 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Identities
[2011.09.18 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\inkscape
[2010.06.19 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\InstallShield
[2010.03.17 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\KompoZer
[2011.10.25 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Lavasoft
[2010.06.19 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\LG Electronics
[2010.02.26 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Macromedia
[2011.10.25 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Malwarebytes
[2011.10.25 12:08:43 | 000,000,000 | --SD | M] -- C:\Users\Paolo\AppData\Roaming\Microsoft
[2011.10.25 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Mozilla
[2010.05.31 17:29:28 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Nero
[2010.11.25 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\NVIDIA
[2010.02.28 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\OpenOffice.org
[2011.10.09 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\PhotoScape
[2010.12.28 16:55:24 | 000,000,000 | RH-D | M] -- C:\Users\Paolo\AppData\Roaming\SecuROM
[2011.02.05 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Skype
[2011.02.05 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\skypePM
[2010.06.20 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Sony Ericsson
[2010.10.23 13:40:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Stardock
[2011.10.25 11:27:07 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.20 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Teleca
[2011.09.13 17:45:12 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\The Creative Assembly
[2011.09.27 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.08.01 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\VistaCodecs
[2011.10.25 15:47:22 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\vlc
[2011.08.23 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Vodafone
[2011.08.02 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinFF
[2010.02.28 11:50:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.02.27 12:42:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.02.27 12:42:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.02.27 12:42:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.02.27 11:42:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.02.27 11:42:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.27 17:08:59 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.14 06:43:29 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.14 06:43:29 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB61418$] -> Error: Cannot create file handle -> Unknown point type
 
< End of report >

--- --- ---

Swisstreasure · 25.10.2011, 20:11

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Bitte poste die Logs jeweils direkt in den Thread!

Schritt 2

Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 3

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL

PRC - [2011.07.01 13:49:26 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKCU..\Run: [Ogeserazur] rundll32.exe   File not found
O32 - AutoRun File - [2009.05.08 12:47:19 | 000,000,052 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.10.21 17:52:45 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.10.24 22:26:06 | 000,000,000 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DM_Setup_3.0.0.exe -- [2009.05.08 12:47:22 | 015,903,324 | R--- | M] (Suunto Oy                                                   )
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\H\Shell\install\command - "" = H:\autorun.exe
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 4

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt 4

Aus welchem Anlass hast Du Combofix angewendet?

paolo6 · 25.10.2011, 23:46

Erstmal vielen Dank für die Hilfe!
Wegen dem 2. Schritt gibt es ein Problem,ich habe kein Spybot mehr,habe es vor einem Monat deinstalliert. Wie kann ich da also den Teatimer abschalten?

Zu Schritt 4.: Leider weiß ich nicht,was Combofix ist,kann dir also keine Antwort darauf geben,sorry.
Die anderen Schritte werde ich sofort Morgen Früh befolgen und die Ergebnise dann posten.

paolo6 · 26.10.2011, 10:33

Hier die gewünschten Texte:

OTL:
Nach dem klicken auf Fix kam eine Fehlermeldung"bitte FloppydiskE einlegen" oder sowas in der Art. Hat dann aber dennoch einen Neustart gemacht.

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ogeserazur not found.
File E:\autorun.inf not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
File E:\DM_Setup_3.0.0.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Paolo
->Temp folder emptied: 86261 bytes
->Java cache emptied: 1417359 bytes
->FireFox cache emptied: 95944532 bytes
->Flash cache emptied: 4177 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482617 bytes
RecycleBin emptied: 137778 bytes

Total Files Cleaned = 95,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10262011_103004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gmer:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-26 11:27:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD252HJ rev.1AC01118
Running: wfhsddgy.exe; Driver: C:\Users\Paolo\AppData\Local\Temp\fwloapod.sys


---- System - GMER 1.0.15 ----

SSDT            A20A9D4C                                                                                                            ZwCreateThread
SSDT            A20A9D38                                                                                                            ZwOpenProcess
SSDT            A20A9D3D                                                                                                            ZwOpenThread
SSDT            A20A9D47                                                                                                            ZwTerminateProcess

INT 0x52        ?                                                                                                                   8538EBF8
INT 0x62        ?                                                                                                                   8538EBF8
INT 0x63        ?                                                                                                                   8538EBF8
INT 0x84        ?                                                                                                                   86DC7BF8
INT 0xB3        ?                                                                                                                   8538EBF8
INT 0xB4        ?                                                                                                                   86DC7BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                       828AC9A4 4 Bytes  [4C, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                       828ACB74 4 Bytes  [38, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                       828ACB90 4 Bytes  [3D, 9D, 0A, A2]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                       828ACDA4 4 Bytes  [47, 9D, 0A, A2]
?               System32\Drivers\spnw.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           USBPORT.SYS!DllUnload                                                                                               8AFBF41B 5 Bytes  JMP 86DC71D8 
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q                                                                                  92B06000 80 Bytes  [90, 90, 90, 90, 90, 8B, FF, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 51                                                                             92B06051 176 Bytes  [75, 0A, 39, 50, 58, 0F, 94, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 102                                                                            92B06102 36 Bytes  [74, 13, 56, 68, C0, E4, B3, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 127                                                                            92B06127 76 Bytes  [EC, 8B, 45, 18, 33, D2, 3B, ...]
.text           csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 174                                                                            92B06174 520 Bytes  [0C, B4, 92, 83, C4, 28, 5E, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + E                                                                92B0637D 3 Bytes  [BC, E0, B3]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 12                                                               92B06381 771 Bytes  [8B, 4D, 08, 8A, 09, 80, F9, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 316                                                              92B06685 10 Bytes  [00, 00, 84, C0, 74, 37, A1, ...]
.text           csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 321                                                              92B06690 370 Bytes  [3D, 00, 00, B4, 92, 74, 18, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 162                                                                    92B06803 24 Bytes  [C0, 74, 13, 8B, 40, 10, 8B, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 17B                                                                    92B0681C 347 Bytes  [E0, B3, 92, 8B, 45, E4, 66, ...]
.text           csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 2D7                                                                    92B06978 175 Bytes  [89, 48, 20, 8B, 0D, B0, 0F, ...]
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2                                                        92B06A28 122 Bytes  CALL D83870B7 
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 7D                                                       92B06AA3 626 Bytes  [74, 37, 8B, 7D, D0, 83, 7F, ...]
.text           csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2F0                                                      92B06D16 204 Bytes  [70, 14, FF, 70, 10, E8, 59, ...]
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + B4                                               92B06DE3 158 Bytes  [00, 00, C1, E8, 06, A8, 01, ...]
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 153                                              92B06E82 361 Bytes  CALL 92B0FA93 \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text           csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 2BD                                              92B06FEC 107 Bytes  [F8, 59, F3, A5, C6, 40, 03, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 16                                                                         92B07058 412 Bytes  [45, F4, 8B, 0B, 8B, 49, 60, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 1B3                                                                        92B071F5 316 Bytes  [90, 90, 8B, FF, 55, 8B, EC, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 2F0                                                                        92B07332 160 Bytes  [18, FF, 75, F8, 68, C0, E4, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 391                                                                        92B073D3 72 Bytes  [0F, 94, C1, FE, C9, 80, E1, ...]
.text           csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 3DA                                                                        92B0741C 169 Bytes  [A1, 00, 00, B4, 92, 80, 7D, ...]
.text           ...                                                                                                                 
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 45                                                                             92B091CF 116 Bytes  CALL 92B4D27C \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + BA                                                                             92B09244 40 Bytes  [F6, 45, FB, 01, 0F, 84, 93, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + E3                                                                             92B0926D 128 Bytes  [00, B4, 92, 3D, 00, 00, B4, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 164                                                                            92B092EE 166 Bytes  [FF, FF, FF, 50, 53, 57, E8, ...]
.text           csc.sys!ebkn_qiwqpskf_h_se__tw___x + 20B                                                                            92B09395 54 Bytes  [04, FF, FF, FD, FF, A1, 00, ...]
.text           ...                                                                                                                 
?               C:\Windows\system32\drivers\csc.sys                                                                                 suspicious PE modification
?               C:\Users\Paolo\AppData\Local\Temp\ALSysIO.sys                                                                       Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory                                              77434B84 5 Bytes  JMP 00DD000A 
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory                                                774354C4 5 Bytes  JMP 00DE000A 
.text           C:\Windows\system32\svchost.exe[1220] ntdll.dll!KiUserExceptionDispatcher                                           77435BF8 5 Bytes  JMP 00DA000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!WindowFromPoint                                                    761C884F 5 Bytes  JMP 013F000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!GetForegroundWindow                                                761D32C4 5 Bytes  JMP 0140000A 
.text           C:\Windows\system32\svchost.exe[1220] USER32.dll!GetCursorPos                                                       761E0B88 5 Bytes  JMP 0136000A 
.text           C:\Windows\system32\svchost.exe[1220] ole32.dll!CoCreateInstance                                                    772D9F3E 5 Bytes  JMP 0135000A 

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              85D251F8
Device          \FileSystem\fastfat \FatCdrom                                                                                       88C781F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{8B312908-BB77-43FD-9B45-3F2A7F0B5E48}                                            884CB500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                85D221F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    86FBA1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              85D221F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              85D221F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{5E178F13-0F73-4992-91F4-9220851955A4}                                            884CB500
Device          \Driver\cdrom \Device\CdRom0                                                                                        86FDB500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6                                                                         85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4                                                                         85D241F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000066                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom2                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000067                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000068                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000069                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              85D221F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                             884CB500
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              85D221F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      884BC1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  870B2500
Device          \Driver\USBSTOR \Device\0000006a                                                                                    86FBE1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    86FBA1F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                    86FBE1F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                    86FBE1F8
Device          \FileSystem\fastfat \Fat                                                                                            88C781F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              88C7C1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x61 0xBC 0x4C 0xF9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xC8 0x89 0x28 0xD9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2B 0x59 0xF8 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x61 0xBC 0x4C 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xC8 0x89 0x28 0xD9 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2B 0x59 0xF8 0xC7 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB61418$\1653587957                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\@                                                                        2048 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\bckfg.tmp                                                                793 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\cfg.ini                                                                  176 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\Desktop.ini                                                              4608 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\keywords                                                                 0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\kwrd.dll                                                                 208896 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L\vhtmwbun                                                               351744 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000001.@                                                             1536 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000002.@                                                             209920 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000004.@                                                             1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000000.@                                                             1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000004.@                                                             12800 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000032.@                                                             73216 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Unaufgefordete Werbung kommt leider immer noch,auch schaltet sich manchmal die Windows Firewall aus und wenn ich versuche sie wieder zu aktivieren kommt die Fehlermeldung"Windows konnte Firewall nicht aktivieren".

Grüße Paolo!

Facebook Trojaner

Log-Analyse und Auswertung: Facebook Trojaner