Pests of all kinds and their removal: GVU Trojaner, unlocking/removing with the Farbar tool (Windows 7)
#1
GVU Trojaner, unlocking/removing with the Farbar tool

Hello, since today I have the annoying GVU trojan on a WinVista notebook. I tried to unlock the notebook via System Restore (to a point when everything still worked) and via Safe Mode (also with command prompt); it seems the bastards (sorry for the language, but the time I now have to waste on this is, I think, worth more to me than the 100€ they want) have released a new version in which this ''fix'' is made impossible. Anyway, I don't know your forum, or rather I have only just found it, and I have also seen on other forums that the program ''Farbar Recovery Scan Tool'' is supposed to help, but as I understand it this only works with a script made specifically for it. I would be deeply grateful if you would help me just as you have helped many others; to that end, here is the log from the scan with this Farbar program right away. Many thanks!

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by SYSTEM on 27-06-2013 17:44:27
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-10] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-07-20] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [86016 2007-08-01] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8429568 2007-08-01] (NVIDIA Corporation)
HKLM\...\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun [647528 2010-04-28] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
HKU\Mcx1\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Mcx1\...\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized [ 2007-07-25] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKU\Mcx1\...\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [x]
HKU\Mcx1\...\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount [ 2008-11-22] ()
HKU\Mcx1\...\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent [ 2013-02-15] (Valve Corporation)
HKU\Mcx1\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Mcx1\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Mcx1\...\Run: [Facebook Update] "C:\Users\Osteria\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [ 2012-07-12] (Facebook Inc.)
HKU\Mcx1\...\Run: [SealOne] "C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe" /FASTRUN [ 2012-12-27] (Seal One AG)
HKU\Mcx1\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [ 2009-05-05] (Acresso Corporation)
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
HKU\Osteria\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-19] (Microsoft Corporation)
HKU\Osteria\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Osteria\...\Run: [admin knob] "C:\ProgramData\Data Date Date.bt9qlaw" [x]
HKU\Osteria\...\Run: [SealOne] "C:\Users\Osteria\AppData\Roaming\Seal One\SealOne.exe" /FASTRUN [ 2012-12-27] (Seal One AG)
HKU\Osteria\...\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized [ 2007-07-25] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKU\Osteria\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Osteria\tnmg2pkn9k9a1.exe [ 2013-06-27] (NVIDIA Corporation)
HKU\Osteria\...\Command Processor: "C:\Users\Osteria\tnmg2pkn9k9a1.exe" <===== ATTENTION!
Startup: C:\Users\Osteria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
ShortcutTarget: Audio Filter.lnk -> C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe (Sony Corporation)

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752 2013-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816 2013-02-25] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
S2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435016 2009-12-07] (TuneUp Software)
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1021256 2009-10-30] (TuneUp Software)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2007-06-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2523136 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
S3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-06-20] (Sony Corporation)
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [292152 2007-07-05] (Sony Corporation)
S3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [274432 2007-06-28] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [957056 2012-10-26] (Sony Corporation)
S2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2007-08-28] (Sony Corporation)
S2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [101120 2009-10-12] (Huawei Technologies Co., Ltd.)
S3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2007-04-20] (Ricoh)
S3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2007-04-20] (Ricoh)
S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [90408 2008-06-04] (MCCI Corporation)
S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [15016 2008-06-04] (MCCI Corporation)
S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [122024 2008-06-04] (MCCI Corporation)
S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [115368 2008-06-04] (MCCI Corporation)
S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [25768 2008-06-04] (MCCI Corporation)
S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [117544 2008-06-04] (MCCI Corporation)
S3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [27520 2006-11-06] (Sony Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [716272 2008-11-22] (Duplex Secure Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2007-06-06] (Texas Instruments)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 TSMPacket; system32\DRIVERS\tsmpkt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 15:44 - 2013-06-27 15:44 - 00000000 ____D C:\FRST
2013-06-27 09:19 - 2013-06-27 09:19 - 01084715 ____A C:\Users\Osteria\AppData\Roaming\2433f433
2013-06-27 09:19 - 2013-06-27 09:19 - 01084673 ____A C:\Users\Osteria\AppData\Local\2433f433
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.exe
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.dll
2013-06-25 11:31 - 2013-06-27 16:14 - 00000000 ____D C:\e4c96dea219e64f8c868cace7c
2013-06-24 12:02 - 2013-06-27 16:26 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Osteria.job
2013-06-24 12:02 - 2013-06-26 12:03 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Osteria.job
2013-06-24 12:02 - 2013-06-26 11:03 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Osteria.job
2013-06-13 12:48 - 2013-05-16 23:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-13 12:48 - 2013-05-16 23:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-13 12:48 - 2013-05-16 23:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-13 12:48 - 2013-05-16 23:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-13 12:48 - 2013-05-16 23:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-13 12:48 - 2013-05-16 23:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-13 12:48 - 2013-05-16 23:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-13 12:48 - 2013-05-16 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-13 12:48 - 2013-05-16 23:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-13 12:47 - 2013-05-17 00:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-13 12:47 - 2013-05-16 23:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-13 12:47 - 2013-05-16 23:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-13 12:47 - 2013-05-16 23:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-13 12:47 - 2013-05-16 23:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-13 12:47 - 2013-05-16 23:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-13 12:47 - 2013-05-16 23:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 12:06 - 2013-05-08 05:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 12:06 - 2013-05-02 23:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 12:06 - 2013-05-02 23:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 12:06 - 2013-05-02 05:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 12:06 - 2013-05-02 05:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 12:06 - 2013-04-24 05:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 12:06 - 2013-04-24 02:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 12:05 - 2013-04-17 13:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll

==================== One Month Modified Files and Folders ========

2013-06-27 16:26 - 2013-06-24 12:02 - 00000384 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Osteria.job
2013-06-27 16:26 - 2009-12-25 18:56 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 16:26 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 16:26 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 16:26 - 2006-11-02 13:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 16:14 - 2013-06-25 11:31 - 00000000 ____D C:\e4c96dea219e64f8c868cace7c
2013-06-27 16:14 - 2009-12-11 14:29 - 00000000 ____D C:\ProgramData\Real
2013-06-27 16:14 - 2009-03-23 21:02 - 00000000 ____D C:\users\Mcx1
2013-06-27 16:14 - 2007-12-18 22:00 - 00000000 ____D C:\users\Osteria
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-06-27 16:14 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2013-06-27 16:14 - 2006-11-02 11:22 - 53477376 ____A C:\Windows\System32\config\software_previous
2013-06-27 16:14 - 2006-11-02 11:22 - 35127296 ____A C:\Windows\System32\config\system_previous
2013-06-27 16:10 - 2006-11-02 11:22 - 45088768 ____A C:\Windows\System32\config\components_previous
2013-06-27 16:09 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-06-27 15:53 - 2007-08-15 13:39 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-27 15:53 - 2006-11-02 14:01 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-27 15:44 - 2013-06-27 15:44 - 00000000 ____D C:\FRST
2013-06-27 14:58 - 2007-12-18 22:00 - 00061440 ____A C:\Users\Osteria\AppData\Roaming\nvModes.001
2013-06-27 14:03 - 2007-12-18 21:46 - 02053016 ____A C:\Windows\WindowsUpdate.log
2013-06-27 09:24 - 2012-07-30 10:24 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 09:19 - 2013-06-27 09:19 - 01084715 ____A C:\Users\Osteria\AppData\Roaming\2433f433
2013-06-27 09:19 - 2013-06-27 09:19 - 01084673 ____A C:\Users\Osteria\AppData\Local\2433f433
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.exe
2013-06-27 09:18 - 2013-06-27 09:18 - 00068096 ____A (NVIDIA Corporation) C:\Users\Osteria\tnmg2pkn9k9a1.dll
2013-06-27 09:13 - 2009-12-25 18:56 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 08:46 - 2011-11-20 15:14 - 00001146 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000UA.job
2013-06-26 21:14 - 2006-11-02 11:33 - 00005576 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-26 12:03 - 2013-06-24 12:02 - 00000374 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Osteria.job
2013-06-26 11:46 - 2011-11-20 15:14 - 00001124 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-723902195-3043266244-887298501-1000Core.job
2013-06-26 11:03 - 2013-06-24 12:02 - 00000378 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Osteria.job
2013-06-25 11:15 - 2006-11-02 11:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-06-25 11:15 - 2006-11-02 11:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-06-22 21:09 - 2013-05-08 14:40 - 00003980 ____A C:\Windows\setupact.log
2013-06-21 21:12 - 2007-12-24 06:19 - 00000000 ____D C:\Update
2013-06-16 19:02 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 18:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-06-13 12:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-13 12:38 - 2006-11-02 11:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-06-12 12:24 - 2012-07-30 10:24 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 12:24 - 2011-07-16 23:50 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-05 12:47 - 2008-03-17 17:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-06-05 09:01 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Soyhal
2013-06-04 21:21 - 2013-05-24 08:47 - 00000000 ____D C:\Users\Osteria\AppData\Roaming\Cyru

ZeroAccess: C:\$Recycle.Bin\S-1-5-21-723902195-3043266244-887298501-1000\$d95d36d54d0baff114e4fbf8656ae7d0

Files to move or delete:
====================
C:\Users\Osteria\tnmg2pkn9k9a1.exe
C:\ProgramData\ezsid.dat

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-10 12:32:42
Restore point made on: 2013-06-11 11:04:05
Restore point made on: 2013-06-11 12:58:58
Restore point made on: 2013-06-12 20:29:33
Restore point made on: 2013-06-13 12:34:37
Restore point made on: 2013-06-14 16:12:42
Restore point made on: 2013-06-14 21:36:30
Restore point made on: 2013-06-15 21:53:31
Restore point made on: 2013-06-16 19:44:37
Restore point made on: 2013-06-18 10:42:14
Restore point made on: 2013-06-19 10:40:37
Restore point made on: 2013-06-20 10:16:45
Restore point made on: 2013-06-21 09:53:10
Restore point made on: 2013-06-21 16:07:27
Restore point made on: 2013-06-22 09:46:14
Restore point made on: 2013-06-23 12:10:51
Restore point made on: 2013-06-24 09:49:53
Restore point made on: 2013-06-25 11:30:44
Restore point made on: 2013-06-26 08:56:48
Restore point made on: 2013-06-27 10:06:25

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2045.81 MB
Available physical RAM: 1657.76 MB
Total Pagefile: 1872.59 MB
Available Pagefile: 1729.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1979.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177.4 GB) (Free:90.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Recovery) (Fixed) (Total:8.91 GB) (Free:0.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (INTENSO) (Removable) (Total:7.37 GB) (Free:7.37 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186 GB) (Disk ID: 976E47FC)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=177 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)

LastRegBack: 2013-06-27 13:49

==================== End Of Log ============================
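As an added example (not code from the original post or from the FRST tool), a small Python triage helper that reads FRST autorun lines of the kind posted above and flags the indicators an analyst looks for first: FRST's own ATTENTION markers, Run entries whose file is missing ([x]), executables sitting directly in a user profile root or in C:\ProgramData, long random-looking value names, and the ZeroAccess marker. The sample lines are copied from the log in this post; the regexes and flag names are this example's own.

```python
"""Triage helper for the autorun section of an FRST log (added example)."""
import re

# Lines copied from the FRST log posted in this thread (a short excerpt, not the full log).
SAMPLE_LOG = r"""
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-19] (Microsoft Corporation)
HKU\Osteria\...\Run: [Grey pop cake audio] "C:\ProgramData\sixth wma defy.xep15" [x]
HKU\Osteria\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Osteria\tnmg2pkn9k9a1.exe [ 2013-06-27] (NVIDIA Corporation)
HKU\Osteria\...\Command Processor: "C:\Users\Osteria\tnmg2pkn9k9a1.exe" <===== ATTENTION!
HKU\Mcx1\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [ 2009-04-11] (Microsoft Corporation) <==== ATTENTION
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-723902195-3043266244-887298501-1000\$d95d36d54d0baff114e4fbf8656ae7d0
"""

# "HKLM\...\Run: [name] data" or "HKU\<user>\...\Run: [name] data"
RUN_RE = re.compile(r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# A file sitting directly in a user profile root or directly in C:\ProgramData.
# Installed software lives in subfolders; loaders dropped by malware often do not.
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\(?:Users\\[^\\]+|ProgramData)\\[^\\]+$', re.I)
# Long value names made only of lowercase letters and digits, as in the Osteria hive above.
RANDOM_NAME_RE = re.compile(r'[a-z0-9]{20,}')


def target_of(rest):
    """Extract the executable path from the value data (quoted or unquoted)."""
    if rest.startswith('"'):
        return rest[1:rest.index('"', 1)]
    m = re.match(r'(.+?\.(?:exe|dll|com|scr))(?:\s|$)', rest, re.I)
    return m.group(1) if m else rest.split(' [')[0]


def flags_for(line):
    """Return the list of indicator names that apply to one FRST log line."""
    flags = []
    if 'ATTENTION' in line:             # FRST's own marker for hijacked Shell / Command Processor values
        flags.append('frst_attention')
    if line.startswith('ZeroAccess:'):  # FRST's rootkit marker, followed by the path it found
        flags.append('zeroaccess_marker')
    m = RUN_RE.match(line)
    if m:
        name, rest = m.group('name'), m.group('rest')
        if rest.rstrip().endswith('[x]'):  # referenced file is no longer on disk
            flags.append('target_missing')
        if PROFILE_ROOT_RE.match(target_of(rest)):
            flags.append('file_in_profile_root')
        if RANDOM_NAME_RE.fullmatch(name):
            flags.append('random_value_name')
    return flags


def triage(log_text):
    """Return [{'line': ..., 'flags': [...]}] for every line that raised at least one flag."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        flags = flags_for(line)
        if flags:
            hits.append({'line': line, 'flags': flags})
    return hits


if __name__ == '__main__':
    for hit in triage(SAMPLE_LOG):
        print(', '.join(hit['flags']).ljust(42), hit['line'])
```

Run against the full FRST.txt the flagged lines are the candidates to verify by hand; whitelisted vendor entries such as the Windows Defender line produce no flag.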