Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) > Facebook Trojan (https://www.trojaner-board.de/104488-facebook-trojaner.html)

paolo6 25.10.2011 15:48

Facebook Trojan
 
Hello,
as I have already read in other posts, several people clicked on the Facebook link, myself included.
Here is the nasty thing: hxxp://www.ukseikatsu.com/images/images.php?image=IMG07835693.JPG
Since then I am constantly redirected to advertising pages and my internet no longer works properly, that is, it is slower.
I hope you good people on this board can help me, I would really be very grateful!

I am attaching a few more scans:

Once more, as instructed; unfortunately too big as an attachment: OTL logfile:
Code:

OTL logfile created on: 25.10.2011 18:28:28 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Paolo\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,16% Memory free
7,43 Gb Paging File | 6,17 Gb Available in Paging File | 83,09% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 41,40 Gb Free Space | 17,78% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 70,29 Mb Free Space | 70,29% Space Free | Partition Type: NTFS
Drive L: | 297,99 Gb Total Space | 15,58 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
 
Computer Name: PAOLO-PC | User Name: Paolo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.25 16:28:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paolo\Downloads\OTL.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.03.29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.04.11 00:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.29 12:36:10 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.22 11:52:16 | 000,104,944 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.03.13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (ALSysIO)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.04.25 13:17:36 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.02.20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.05.28 20:24:32 | 001,870,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.03.22 18:56:36 | 000,004,484 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cpuidlep.sys -- (cpuidlep)
DRV - [2010.02.27 17:08:59 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.03.07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.12.17 17:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.11 15:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007.07.11 10:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007.07.11 10:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006.10.18 13:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005.03.04 19:15:54 | 000,077,072 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600obex.sys -- (k600obex)
DRV - [2005.03.04 19:13:46 | 000,079,248 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mgmt.sys -- (k600mgmt)
DRV - [2005.03.04 19:11:26 | 000,087,456 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mdm.sys -- (k600mdm)
DRV - [2005.03.04 19:11:20 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600mdfl.sys -- (k600mdfl)
DRV - [2005.03.04 19:08:50 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k600bus.sys -- (k600bus) Sony Ericsson 600i driver (WDM)
DRV - [2004.01.28 16:03:26 | 000,021,456 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SilvrLnk.sys -- (SilverLink) Texas Instruments SilverLink (USB GraphLink)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.01 22:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.25 15:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.20 17:37:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.01 22:31:08 | 000,000,000 | ---D | M]
 
[2011.10.25 14:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paolo\AppData\Roaming\mozilla\Extensions
[2011.10.25 15:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paolo\AppData\Roaming\mozilla\Firefox\Profiles\csp8czxl.default\extensions
[2011.10.25 14:40:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.15 22:03:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.03.15 22:03:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.05 14:16:05 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 15:41:40 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.08 09:50:01 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.15 15:31:55 | 000,391,971 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 13541 more lines...
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: New Application = C:\Users\Paolo\Desktop\standard prog\Core Temp.exe ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B312908-BB77-43FD-9B45-3F2A7F0B5E48}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Paolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paolo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - L:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8cdee513-23c4-11df-b87b-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{8cdee513-23c4-11df-b87b-001bfc37cde0}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{a45f8eb6-2219-11df-8fc0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a45f8eb6-2219-11df-8fc0-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe
O33 - MountPoints2\{c3cc6206-cd5b-11e0-afe4-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cc6206-cd5b-11e0-afe4-001bfc37cde0}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{c3cc620e-cd5b-11e0-afe4-001bfc37cde0}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cc620e-cd5b-11e0-afe4-001bfc37cde0}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dv25 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dv50 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: vidc.dvh1 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV100.dll (Matrox Electronic Systems)
Drivers32: vidc.dvsd - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwDV.dll (Matrox Electronic Systems)
Drivers32: VIDC.FFDS - L:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.M101 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfw.dll (Matrox Electronic Systems)
Drivers32: vidc.M102 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M103 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwYUVA.dll (Matrox Electronic Systems)
Drivers32: vidc.M104 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwYUVAHD.dll (Matrox Electronic Systems)
Drivers32: vidc.M301 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwRefAVI.dll (Matrox Electronic Systems)
Drivers32: vidc.M701 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HD.dll (Matrox Electronic Systems)
Drivers32: vidc.M702 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDOffLine.dll (Matrox Electronic Systems)
Drivers32: vidc.M703 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2HDV.dll (Matrox Electronic Systems)
Drivers32: vidc.M704 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2Alpha.dll (Matrox Electronic Systems)
Drivers32: vidc.M705 - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2AlphaHD.dll (Matrox Electronic Systems)
Drivers32: vidc.MJPG - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMjpeg.dll (Matrox Electronic Systems)
Drivers32: vidc.MMES - C:\Programme\Matrox VFW Software Codecs\VFW32\mvcVfwMpeg2.dll (Matrox Electronic Systems)
Drivers32: vidc.x264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.25 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\Malwarebytes
[2011.10.25 16:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.25 16:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.25 16:14:54 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.25 16:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.25 11:27:07 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\SUPERAntiSpyware.com
[2011.10.25 11:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.10.25 11:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.10.25 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.10.25 08:54:27 | 000,000,000 | RHSD | C] -- C:\Users\Paolo\M-1-52-5782-8752-5245
[2011.10.15 10:48:49 | 000,000,000 | ---D | C] -- C:\Users\Paolo\Desktop\Batman Arkham Asylum
[2011.10.14 20:06:24 | 000,000,000 | ---D | C] -- C:\Users\Paolo\Desktop\Steamless CounterStrikeSource Pack
[2011.10.01 15:47:46 | 000,000,000 | ---D | C] -- C:\Windows\RazorDOX
[2011.09.27 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011.09.27 18:59:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.09.27 15:54:50 | 000,000,000 | ---D | C] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.09.27 15:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.09.27 15:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.02.04 00:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Paolo\AppData\Local\*.tmp files -> C:\Users\Paolo\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.25 18:18:44 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.25 18:18:44 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.25 18:18:44 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.25 18:18:44 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.25 18:13:02 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011.10.25 18:12:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 18:12:35 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.25 18:12:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.25 18:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.25 18:12:25 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.25 17:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.25 16:15:00 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 15:36:45 | 000,090,624 | ---- | M] () -- C:\Users\Paolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.25 14:40:41 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.25 11:53:40 | 000,000,466 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.10.25 11:26:48 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.23 13:08:57 | 000,026,902 | ---- | M] () -- C:\Users\Paolo\Documents\anfang wikinger.odt
[2011.10.18 23:30:32 | 000,000,865 | ---- | M] () -- C:\Users\Paolo\Desktop\iw3mp.exe - Verknüpfung.lnk
[2011.10.13 20:01:19 | 000,011,878 | ---- | M] () -- C:\Users\Paolo\Documents\französisch.odt
[2011.10.13 16:25:10 | 000,263,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 17:32:29 | 080,044,796 | ---- | M] () -- C:\Users\Paolo\Documents\kunst.odt
[2011.10.10 18:57:33 | 000,017,518 | ---- | M] () -- C:\Users\Paolo\Documents\geschi eric.odt
[2011.10.08 13:36:32 | 000,024,997 | ---- | M] () -- C:\Users\Paolo\Documents\ethik.odt
[2011.10.07 16:42:21 | 000,015,695 | ---- | M] () -- C:\Users\Paolo\Documents\DAV.odt
[2011.10.05 18:34:32 | 000,596,352 | ---- | M] () -- C:\Users\Paolo\Documents\Scannen0001.jpg
[2011.10.04 19:38:03 | 000,010,343 | ---- | M] () -- C:\Users\Paolo\.recently-used.xbel
[2011.10.03 11:18:05 | 000,028,240 | ---- | M] () -- C:\Users\Paolo\Documents\biologie.odt
[2011.09.29 18:53:00 | 001,412,382 | ---- | M] () -- C:\Users\Paolo\Documents\chemie1.jpg
[2011.09.28 16:27:24 | 000,000,908 | ---- | M] () -- C:\Users\Paolo\Desktop\Crysis2Launcher.exe - Verknüpfung.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Paolo\AppData\Local\*.tmp files -> C:\Users\Paolo\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.25 16:15:00 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.25 14:40:40 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.25 14:40:40 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.25 11:26:48 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.10.13 19:17:35 | 000,000,865 | ---- | C] () -- C:\Users\Paolo\Desktop\iw3mp.exe - Verknüpfung.lnk
[2011.10.11 21:13:01 | 000,011,878 | ---- | C] () -- C:\Users\Paolo\Documents\französisch.odt
[2011.10.10 18:52:24 | 000,017,518 | ---- | C] () -- C:\Users\Paolo\Documents\geschi eric.odt
[2011.10.09 15:56:14 | 080,044,796 | ---- | C] () -- C:\Users\Paolo\Documents\kunst.odt
[2011.10.08 20:43:36 | 000,026,902 | ---- | C] () -- C:\Users\Paolo\Documents\anfang wikinger.odt
[2011.10.07 16:42:20 | 000,015,695 | ---- | C] () -- C:\Users\Paolo\Documents\DAV.odt
[2011.10.06 15:14:04 | 000,024,997 | ---- | C] () -- C:\Users\Paolo\Documents\ethik.odt
[2011.10.05 18:32:02 | 000,596,352 | ---- | C] () -- C:\Users\Paolo\Documents\Scannen0001.jpg
[2011.10.04 19:38:03 | 000,010,343 | ---- | C] () -- C:\Users\Paolo\.recently-used.xbel
[2011.09.30 23:22:47 | 000,028,240 | ---- | C] () -- C:\Users\Paolo\Documents\biologie.odt
[2011.09.29 18:54:36 | 001,412,382 | ---- | C] () -- C:\Users\Paolo\Documents\chemie1.jpg
[2011.09.28 16:27:24 | 000,000,908 | ---- | C] () -- C:\Users\Paolo\Desktop\Crysis2Launcher.exe - Verknüpfung.lnk
[2011.07.09 13:52:32 | 003,815,424 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2011.06.24 13:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.24 13:47:42 | 000,259,584 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.06.24 13:47:16 | 000,096,768 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.06.24 13:47:14 | 000,145,920 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.06.24 13:47:12 | 000,158,208 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.06.24 13:47:10 | 001,524,224 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.06.24 13:47:10 | 000,211,456 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.06.24 13:47:10 | 000,113,664 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.06.24 13:47:06 | 000,327,680 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.06.24 13:47:04 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.05.04 15:26:04 | 000,000,093 | ---- | C] () -- C:\Users\Paolo\AppData\Local\fusioncache.dat
[2011.04.27 11:21:38 | 003,268,096 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011.04.10 10:08:39 | 000,000,000 | ---- | C] () -- C:\Program Files\DVD Flick
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.03 13:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.03.03 13:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.03.03 13:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.03.03 13:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.03.03 13:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011.03.03 13:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.03.03 13:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.03.03 13:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.02.22 21:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.22 21:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.05 15:25:19 | 000,362,029 | ---- | C] () -- C:\Windows\System32\SQLite3.dll
[2010.11.11 07:50:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2010.05.31 14:14:48 | 001,556,992 | ---- | C] () -- C:\Windows\is-U5STP.exe
[2010.05.31 14:09:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.26 15:12:23 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2010.04.26 15:12:23 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.04.26 15:11:51 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.04.22 15:11:24 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.04.09 12:40:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\fldlckun.exe
[2010.03.28 15:55:09 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.22 18:56:36 | 000,004,484 | ---- | C] () -- C:\Windows\System32\drivers\cpuidlep.sys
[2010.03.15 05:31:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.03.13 13:09:56 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.03.01 22:30:53 | 000,023,661 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.02.28 21:16:53 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.02.28 21:16:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.28 21:15:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.28 16:40:04 | 000,162,766 | ---- | C] () -- C:\Windows\hpoins21.dat
[2010.02.28 11:19:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.27 17:09:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.27 16:58:18 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.02.27 15:58:13 | 000,090,624 | ---- | C] () -- C:\Users\Paolo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 17:22:22 | 000,001,356 | ---- | C] () -- C:\Users\Paolo\AppData\Local\d3d9caps.dat
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.11 23:21:20 | 001,021,440 | ---- | C] () -- C:\Windows\System32\ac3filter_intl.dll
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.03.07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.03.07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2007.09.05 20:26:30 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:42:41 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,263,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.04 06:52:00 | 000,088,576 | ---- | C] () -- C:\Windows\System32\OptimFROG.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2011.03.15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\.visualvm
[2010.05.30 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ashampoo
[2010.03.10 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Auslogics
[2011.08.01 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\avidemux
[2011.08.02 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Avnex
[2011.08.05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Babylon
[2011.08.02 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Broad Intelligence
[2011.03.16 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\calibre
[2010.05.31 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Canneverbe Limited
[2010.03.01 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DAEMON Tools Lite
[2010.05.31 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DeepBurner
[2011.09.12 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVDVideoSoft
[2010.05.01 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\GlarySoft
[2011.10.04 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\gtk-2.0
[2011.09.21 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze
[2011.10.13 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\ICQ
[2011.09.18 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\inkscape
[2010.03.17 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\KompoZer
[2010.06.19 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\LG Electronics
[2010.02.28 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\OpenOffice.org
[2011.10.09 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\PhotoScape
[2010.10.23 13:40:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Stardock
[2010.06.20 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Teleca
[2011.09.13 17:45:12 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\The Creative Assembly
[2011.09.27 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.08.01 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\VistaCodecs
[2011.08.23 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Vodafone
[2011.08.02 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinFF
[2011.10.25 18:13:02 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2011.10.25 17:10:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.15 22:27:53 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\.visualvm
[2010.08.06 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Adobe
[2011.09.20 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Apple Computer
[2010.05.30 18:23:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ashampoo
[2010.03.10 17:02:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Auslogics
[2011.08.01 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\avidemux
[2011.08.02 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Avnex
[2011.08.05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Babylon
[2011.08.02 12:28:36 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Broad Intelligence
[2011.03.16 15:29:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\calibre
[2010.05.31 14:14:54 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Canneverbe Limited
[2010.03.01 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DAEMON Tools Lite
[2010.05.31 17:09:11 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DeepBurner
[2010.06.28 10:49:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DivX
[2010.05.31 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVD Flick
[2011.06.27 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\dvdcss
[2011.09.12 20:10:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\DVDVideoSoft
[2010.05.01 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\GlarySoft
[2011.10.04 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\gtk-2.0
[2011.09.21 19:42:04 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze
[2010.03.07 16:07:13 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\HP
[2010.04.22 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\HPAppData
[2011.10.13 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\ICQ
[2010.02.25 17:22:26 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Identities
[2011.09.18 17:44:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\inkscape
[2010.06.19 10:37:22 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\InstallShield
[2010.03.17 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\KompoZer
[2011.10.25 14:13:46 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Lavasoft
[2010.06.19 10:43:27 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\LG Electronics
[2010.02.26 21:50:40 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Macromedia
[2011.10.25 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Malwarebytes
[2011.10.25 12:08:43 | 000,000,000 | --SD | M] -- C:\Users\Paolo\AppData\Roaming\Microsoft
[2011.10.25 14:41:02 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Mozilla
[2010.05.31 17:29:28 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Nero
[2010.11.25 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\NVIDIA
[2010.02.28 11:43:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\OpenOffice.org
[2011.10.09 15:05:45 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\PhotoScape
[2010.12.28 16:55:24 | 000,000,000 | RH-D | M] -- C:\Users\Paolo\AppData\Roaming\SecuROM
[2011.02.05 18:35:47 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Skype
[2011.02.05 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\skypePM
[2010.06.20 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Sony Ericsson
[2010.10.23 13:40:52 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Stardock
[2011.10.25 11:27:07 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.20 18:18:15 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Teleca
[2011.09.13 17:45:12 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\The Creative Assembly
[2011.09.27 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Ubisoft
[2011.08.01 20:19:51 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\VistaCodecs
[2011.10.25 15:47:22 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\vlc
[2011.08.23 10:09:24 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\Vodafone
[2011.08.02 12:31:08 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinFF
[2010.02.28 11:50:37 | 000,000,000 | ---D | M] -- C:\Users\Paolo\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Paolo\AppData\Roaming\Gutscheinmieze\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.02.27 12:42:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.02.27 12:42:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.02.27 12:42:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.02.27 11:42:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2010.02.27 11:42:29 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.27 17:08:59 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.14 06:43:29 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.14 06:43:29 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB61418$] -> Error: Cannot create file handle -> Unknown point type
 
< End of report >

--- --- ---

Swisstreasure 25.10.2011 20:11

Hello,

A cleanup can mean a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to; that makes the analysis harder for me.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please post the logs directly in the thread each time!

Step 2

Disable TeaTimer

With the TeaTimer of Spybot Search&Destroy running, no cleanup can be carried out, since it restores all deleted entries. The TeaTimer therefore has to be disabled during the cleanup work (leave the TeaTimer switched off until we are done with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced Mode" => then click "Tools" at the bottom left => click "Resident" => remove the checkmark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 3
Code:

:OTL

PRC - [2011.07.01 13:49:26 | 000,884,696 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKCU..\Run: [Ogeserazur] rundll32.exe  File not found
O32 - AutoRun File - [2009.05.08 12:47:19 | 000,000,052 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011.10.21 17:52:45 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.10.24 22:26:06 | 000,000,000 | ---- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\DM_Setup_3.0.0.exe -- [2009.05.08 12:47:22 | 015,903,324 | R--- | M] (Suunto Oy                                                  )
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\H\Shell\install\command - "" = H:\autorun.exe
:Commands
[purity]
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Step 4

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
    Vista and Win7 users: right-click and start as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the checkmark at:
    • IAT/EAT
    • All hard disks except the system disk (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Turn the antivirus program and other scanners back on before you go online!

Step 4

What was the reason you used Combofix?
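
The entries the :OTL fix above removes fall into a few classes that a log reader decides on one by one: Run values whose target is gone, MountPoints2 AutoRun handlers, autorun.inf files on drives, and browser add-ons registered under several keys with one CLSID. The following Python script is an added example, not part of the thread and not OTL's own code; it parses lines of that format (a constructed sample modelled on the thread's entries, plus one invented benign Run entry for contrast) and groups the findings the way the fix script does.

```python
"""Triage of OTL autostart/add-on lines like those in the :OTL fix above.

Added example, not part of the thread and not OTL's own code: it groups
Run entries whose target is gone ("File not found"), MountPoints2 AutoRun
handlers left behind by removable media, autorun.inf files on drives, and
browser add-ons (URLSearchHook / O2 BHO / O3 Toolbar) by CLSID, so that
one decision per CLSID covers every place it is registered.
"""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the thread's OTL entries. The first O4 line
# is an invented benign entry for contrast; it does not appear in the thread.
SAMPLE_LINES = r"""
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\update.exe (Example Ltd)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKCU..\Run: [Ogeserazur] rundll32.exe  File not found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O32 - AutoRun File - [2011.10.21 17:52:45 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell - "" = AutoRun
O33 - MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\H\Shell\install\command - "" = H:\autorun.exe
""".strip().splitlines()

RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.*)$')
ADDON_RE = re.compile(
    r'^(?:O2 - BHO|O3 - HK\w+\\\.\.\\Toolbar(?:\\WebBrowser)?|IE - HK\w+\\\.\.\\URLSearchHook): '
    r'(?:\((.*?)\) - )?(\{[0-9A-Fa-f-]{36}\}) - (.*?)(?: \(([^()]*)\))?$')
AUTORUN_INF_RE = re.compile(
    r'^O32 - AutoRun File - \[.*?\] \(\) - ([A-Za-z]:\\autorun\.inf) -- \[ (\w+) \]$', re.IGNORECASE)
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\([^\\]+)\\Shell\\(\w+)\\command - "" = (.*)$')


@dataclass
class AddOn:
    clsid: str
    path: str
    name: str = ""
    vendor: str = ""
    registrations: int = 0  # URLSearchHook + BHO + Toolbar entries seen for this CLSID


@dataclass
class Triage:
    orphaned_run: list = field(default_factory=list)      # (hive, value name, command)
    autorun_handlers: list = field(default_factory=list)  # (mount point, verb, command)
    autorun_inf: list = field(default_factory=list)       # (path, file system)
    addons: dict = field(default_factory=dict)            # clsid -> AddOn
    fix_lines: list = field(default_factory=list)         # lines that belong in an :OTL fix


def triage(lines):
    """Classify OTL lines; lines of other sections are ignored."""
    t = Triage()
    for raw in lines:
        line = raw.strip()
        if m := RUN_RE.match(line):
            hive, name, command = m.groups()
            if command.endswith("File not found"):
                # Autostart value whose target is gone. A bare "rundll32.exe"
                # means the DLL it was supposed to load has been removed.
                t.orphaned_run.append((hive, name, command[:-len("File not found")].strip()))
                t.fix_lines.append(line)
        elif m := ADDON_RE.match(line):
            name, clsid, path, vendor = m.groups()
            addon = t.addons.setdefault(clsid, AddOn(clsid=clsid, path=path))
            addon.registrations += 1
            addon.name = name or addon.name        # the URLSearchHook line carries no name
            addon.vendor = vendor or addon.vendor
        elif m := AUTORUN_INF_RE.match(line):
            t.autorun_inf.append(m.groups())
            t.fix_lines.append(line)
        elif m := MOUNTPOINT_RE.match(line):
            # Shell\AutoRun\command under MountPoints2 re-launches a program from
            # a drive letter on double-click, long after the medium is gone.
            t.autorun_handlers.append(m.groups())
            t.fix_lines.append(line)
    return t


def report(t):
    """One summary line per finding; add-ons are listed for review, not removal."""
    out = [f"orphaned Run entry {hive}\\Run\\{name} -> {cmd or '(empty)'}"
           for hive, name, cmd in t.orphaned_run]
    out += [f"autorun.inf on {path} ({fs})" for path, fs in t.autorun_inf]
    out += [f"MountPoints2 {mp} {verb} -> {cmd}" for mp, verb, cmd in t.autorun_handlers]
    out += [f"add-on {a.clsid} '{a.name}' by {a.vendor or '?'}: {a.registrations} registrations, {a.path}"
            for a in t.addons.values()]
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("\n".join(report(result)))
    print("\n:OTL")  # the flagged lines, in the form OTL's Fix button expects
    print("\n".join(result.fix_lines))
```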

paolo6 25.10.2011 23:46

First of all, many thanks for the help!
There is a problem with step 2: I no longer have Spybot, I uninstalled it a month ago. So how can I turn off the TeaTimer?

Regarding step 4: Unfortunately I don't know what Combofix is, so I can't give you an answer on that, sorry.
I will follow the other steps first thing tomorrow morning and post the results then.

paolo6 26.10.2011 10:33

Here are the requested texts:

OTL:
After clicking Fix, an error message came up, "please insert floppy disk E" or something like that. But it still did a restart.

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Ogeserazur not found.
File E:\autorun.inf not found.
File G:\autorun.inf not found.
File H:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f49f191-414e-11df-bbae-001e101f36d9}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74e332ea-0cfa-11df-a309-00269eb454be}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799ff924-3d5d-11df-9a43-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd36-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8720fd46-3cef-11df-ba36-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9cb707f-d7c3-11de-b4aa-806e6f6e6963}\ not found.
File E:\DM_Setup_3.0.0.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea59be53-dbdd-11e0-b2ab-00269eb454be}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ae24bb-3d8f-11df-9a83-00269eb454be}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\autorun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Paolo
->Temp folder emptied: 86261 bytes
->Java cache emptied: 1417359 bytes
->FireFox cache emptied: 95944532 bytes
->Flash cache emptied: 4177 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 482617 bytes
RecycleBin emptied: 137778 bytes

Total Files Cleaned = 95,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10262011_103004

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Gmer:

GMER Logfile:
Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-26 11:27:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5 SAMSUNG_HD252HJ rev.1AC01118
Running: wfhsddgy.exe; Driver: C:\Users\Paolo\AppData\Local\Temp\fwloapod.sys


---- System - GMER 1.0.15 ----

SSDT            A20A9D4C                                                                                                            ZwCreateThread
SSDT            A20A9D38                                                                                                            ZwOpenProcess
SSDT            A20A9D3D                                                                                                            ZwOpenThread
SSDT            A20A9D47                                                                                                            ZwTerminateProcess

INT 0x52        ?                                                                                                                  8538EBF8
INT 0x62        ?                                                                                                                  8538EBF8
INT 0x63        ?                                                                                                                  8538EBF8
INT 0x84        ?                                                                                                                  86DC7BF8
INT 0xB3        ?                                                                                                                  8538EBF8
INT 0xB4        ?                                                                                                                  86DC7BF8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 221                                                                                      828AC9A4 4 Bytes  [4C, 9D, 0A, A2]
.text          ntkrnlpa.exe!KeSetEvent + 3F1                                                                                      828ACB74 4 Bytes  [38, 9D, 0A, A2]
.text          ntkrnlpa.exe!KeSetEvent + 40D                                                                                      828ACB90 4 Bytes  [3D, 9D, 0A, A2]
.text          ntkrnlpa.exe!KeSetEvent + 621                                                                                      828ACDA4 4 Bytes  [47, 9D, 0A, A2]
?              System32\Drivers\spnw.sys                                                                                          Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                              8AFBF41B 5 Bytes  JMP 86DC71D8
.text          csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q                                                                                  92B06000 80 Bytes  [90, 90, 90, 90, 90, 8B, FF, ...]
.text          csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 51                                                                            92B06051 176 Bytes  [75, 0A, 39, 50, 58, 0F, 94, ...]
.text          csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 102                                                                            92B06102 36 Bytes  [74, 13, 56, 68, C0, E4, B3, ...]
.text          csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 127                                                                            92B06127 76 Bytes  [EC, 8B, 45, 18, 33, D2, 3B, ...]
.text          csc.sys!i__h_vdx_xwvw_xocLCjhb_o_q + 174                                                                            92B06174 520 Bytes  [0C, B4, 92, 83, C4, 28, 5E, ...]
.text          csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + E                                                                92B0637D 3 Bytes  [BC, E0, B3]
.text          csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 12                                                              92B06381 771 Bytes  [8B, 4D, 08, 8A, 09, 80, F9, ...]
.text          csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 316                                                              92B06685 10 Bytes  [00, 00, 84, C0, 74, 37, A1, ...]
.text          csc.sys!PJCFADM_MLQIYEKfzdwkqezxaCZWNHPXBCwIWAsc + 321                                                              92B06690 370 Bytes  [3D, 00, 00, B4, 92, 74, 18, ...]
.text          csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 162                                                                    92B06803 24 Bytes  [C0, 74, 13, 8B, 40, 10, 8B, ...]
.text          csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 17B                                                                    92B0681C 347 Bytes  [E0, B3, 92, 8B, 45, E4, 66, ...]
.text          csc.sys!zvjwyt__p_tvodB_R_YfjwI_HB_Ejue__m + 2D7                                                                    92B06978 175 Bytes  [89, 48, 20, 8B, 0D, B0, 0F, ...]
.text          csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2                                                        92B06A28 122 Bytes  CALL D83870B7
.text          csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 7D                                                      92B06AA3 626 Bytes  [74, 37, 8B, 7D, D0, 83, 7F, ...]
.text          csc.sys!KZKSKJTDOO_PSDZYKlRX_AzxqWM_Wqp_DYv_ab_XDTLBNNJA + 2F0                                                      92B06D16 204 Bytes  [70, 14, FF, 70, 10, E8, 59, ...]
.text          csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + B4                                              92B06DE3 158 Bytes  [00, 00, C1, E8, 06, A8, 01, ...]
.text          csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 153                                              92B06E82 361 Bytes  CALL 92B0FA93 \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text          csc.sys!btsrv_cca_VAXjpvq_zXZ_BGNUFP_PByi_e_ng_cqyW_UUZMGV_ELJOI + 2BD                                              92B06FEC 107 Bytes  [F8, 59, F3, A5, C6, 40, 03, ...]
.text          csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 16                                                                        92B07058 412 Bytes  [45, F4, 8B, 0B, 8B, 49, 60, ...]
.text          csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 1B3                                                                        92B071F5 316 Bytes  [90, 90, 8B, FF, 55, 8B, EC, ...]
.text          csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 2F0                                                                        92B07332 160 Bytes  [18, FF, 75, F8, 68, C0, E4, ...]
.text          csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 391                                                                        92B073D3 72 Bytes  [0F, 94, C1, FE, C9, 80, E1, ...]
.text          csc.sys!QKQWIKGh__wokONBXB__AVC_F_ZsS_ + 3DA                                                                        92B0741C 169 Bytes  [A1, 00, 00, B4, 92, 80, 7D, ...]
.text          ...                                                                                                               
.text          csc.sys!ebkn_qiwqpskf_h_se__tw___x + 45                                                                            92B091CF 116 Bytes  CALL 92B4D27C \SystemRoot\system32\drivers\csc.sys (Windows Client Side Caching Driver/Microsoft Corporation)
.text          csc.sys!ebkn_qiwqpskf_h_se__tw___x + BA                                                                            92B09244 40 Bytes  [F6, 45, FB, 01, 0F, 84, 93, ...]
.text          csc.sys!ebkn_qiwqpskf_h_se__tw___x + E3                                                                            92B0926D 128 Bytes  [00, B4, 92, 3D, 00, 00, B4, ...]
.text          csc.sys!ebkn_qiwqpskf_h_se__tw___x + 164                                                                            92B092EE 166 Bytes  [FF, FF, FF, 50, 53, 57, E8, ...]
.text          csc.sys!ebkn_qiwqpskf_h_se__tw___x + 20B                                                                            92B09395 54 Bytes  [04, FF, FF, FD, FF, A1, 00, ...]
.text          ...                                                                                                               
?              C:\Windows\system32\drivers\csc.sys                                                                                suspicious PE modification
?              C:\Users\Paolo\AppData\Local\Temp\ALSysIO.sys                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtProtectVirtualMemory                                              77434B84 5 Bytes  JMP 00DD000A
.text          C:\Windows\system32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory                                                774354C4 5 Bytes  JMP 00DE000A
.text          C:\Windows\system32\svchost.exe[1220] ntdll.dll!KiUserExceptionDispatcher                                          77435BF8 5 Bytes  JMP 00DA000A
.text          C:\Windows\system32\svchost.exe[1220] USER32.dll!WindowFromPoint                                                    761C884F 5 Bytes  JMP 013F000A
.text          C:\Windows\system32\svchost.exe[1220] USER32.dll!GetForegroundWindow                                                761D32C4 5 Bytes  JMP 0140000A
.text          C:\Windows\system32\svchost.exe[1220] USER32.dll!GetCursorPos                                                      761E0B88 5 Bytes  JMP 0136000A
.text          C:\Windows\system32\svchost.exe[1220] ole32.dll!CoCreateInstance                                                    772D9F3E 5 Bytes  JMP 0135000A

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              85D251F8
Device          \FileSystem\fastfat \FatCdrom                                                                                      88C781F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{8B312908-BB77-43FD-9B45-3F2A7F0B5E48}                                            884CB500
Device          \Driver\volmgr \Device\VolMgrControl                                                                                85D221F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBPDO-1                                                                                    86FBA1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              85D221F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              85D221F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{5E178F13-0F73-4992-91F4-9220851955A4}                                            884CB500
Device          \Driver\cdrom \Device\CdRom0                                                                                        86FDB500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                        85D241F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                  85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-5                                                                        85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-6                                                                        85D241F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-4                                                                        85D241F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000066                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              85D221F8
Device          \Driver\cdrom \Device\CdRom2                                                                                        86FDB500
Device          \Driver\USBSTOR \Device\00000067                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000068                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                              85D221F8
Device          \Driver\USBSTOR \Device\00000069                                                                                    86FBE1F8
Device          \Driver\volmgr \Device\HarddiskVolume7                                                                              85D221F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                            884CB500
Device          \Driver\volmgr \Device\HarddiskVolume8                                                                              85D221F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                      884BC1F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                  870B2500
Device          \Driver\USBSTOR \Device\0000006a                                                                                    86FBE1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    86FBB1F8
Device          \Driver\usbehci \Device\USBFDO-1                                                                                    86FBA1F8
Device          \Driver\USBSTOR \Device\0000006e                                                                                    86FBE1F8
Device          \Driver\USBSTOR \Device\0000006f                                                                                    86FBE1F8
Device          \FileSystem\fastfat \Fat                                                                                            88C781F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                              88C7C1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x61 0xBC 0x4C 0xF9 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xC8 0x89 0x28 0xD9 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x2B 0x59 0xF8 0xC7 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x61 0xBC 0x4C 0xF9 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xC8 0x89 0x28 0xD9 ...
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x2B 0x59 0xF8 0xC7 ...

---- Files - GMER 1.0.15 ----

File            C:\Windows\$NtUninstallKB61418$\1653587957                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307                                                                          0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\@                                                                        2048 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\bckfg.tmp                                                                793 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\cfg.ini                                                                  176 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\Desktop.ini                                                              4608 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\keywords                                                                0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\kwrd.dll                                                                208896 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\L\vhtmwbun                                                              351744 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U                                                                        0 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000001.@                                                            1536 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000002.@                                                            209920 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\00000004.@                                                            1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000000.@                                                            1024 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000004.@                                                            12800 bytes
File            C:\Windows\$NtUninstallKB61418$\3131135307\U\80000032.@                                                            73216 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

Unsolicited advertising unfortunately still keeps appearing; also, the Windows Firewall sometimes switches itself off, and when I try to re-enable it, I get the error message "Windows could not activate the firewall".

Regards, Paolo!

