Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Computer geht mit Error aus (https://www.trojaner-board.de/126880-computer-geht-error.html)

cosinus 14.11.2012 16:43
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

idila 14.11.2012 18:44
Danke. Hier die 3 neuen Logs.
Nach der adwcleaner.exe + Löschen, wollte der Rechner neustarten, ist aber wiedermal alles scwarz geblieben (Power-Taste beleuchtet), so dass ich das Herunterfahren wieder erzwingen musste + ihn normal neugestartet habe.


AdwCleaner.txt
Code:
# AdwCleaner v2.007 - Logfile creato il 14/11/2012 alle 17:47:31
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : XXXXX - XXXXX
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\XXXXX\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Ask
Cartella Eliminato : C:\Documents and Settings\All Users\Dati applicazioni\Babylon

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

*************************

AdwCleaner[S1].txt - [3230 octets] - [14/11/2012 17:47:31]

########## EOF - C:\AdwCleaner[S1].txt - [3290 octets] ##########

OTL.txt
Code:
OTL logfile created on: 14.11.2012 18:00:56 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Documents and Settings\AAAAA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,40% Memory free
5,76 Gb Paging File | 5,25 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 92,91 Gb Total Space | 31,87 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
 
Computer Name: AAAAA | User Name: AAAAA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\AAAAA\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
PRC - C:\Programmi\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programmi\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Programmi\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programmi\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_4bccb9d3\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f2b8d414\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4980b9f8\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6a03f9cc\system.xml.dll ()
MOD - c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5c3c2b6f\System.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\Programmi\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programmi\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()
MOD - c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll ()
MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - c:\windows\assembly\gac\system.resources\1.0.5000.0_it_b77a5c561934e089\system.resources.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_it_b77a5c561934e089\system.windows.forms.resources.dll ()
MOD - C:\Programmi\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programmi\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programmi\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll ()
MOD - C:\WINDOWS\system32\TDispVol.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AVGIDSAgent) -- C:\Programmi\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (avgwd) -- C:\Programmi\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NMSAccess) -- C:\Programmi\CDBurnerXP\NMSAccessU.exe ()
SRV - (TAPPSRV) -- C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (CFSvcs) -- C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PROCEXP150) -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Lavasoft Kernexplorer) -- C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\AAAAA~1\IMPOST~1\Temp\catchme.sys File not found
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Revoflt) -- C:\WINDOWS\system32\drivers\revoflt.sys (VS Revo Group)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 CA DD 5A 44 63 CC 01  [binary data]
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..\SearchScopes,DefaultScope = {2003FEA2-F7A0-4DB7-9C42-79C84419D5E1}
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..\SearchScopes\{2003FEA2-F7A0-4DB7-9C42-79C84419D5E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_it
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..\SearchScopes\{E3333C96-2E5E-4BF3-B64E-0157AFC8B672}: "URL" =
IE - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programmi\AVG\AVG2012\Firefox4\ [2012.09.11 08:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.08 20:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programmi\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff
 
[2012.06.29 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AAAAA\Dati applicazioni\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - homepage: https://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://www.google.de/
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Disabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Disabled) = c:\programmi\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012.11.13 18:38:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Programmi\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Programmi\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKU\S-1-5-21-2767231553-2537787753-3555782994-1006\..Trusted Domains: facebook.com ([apps] https in Siti attendibili)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304748869531 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.17 09:33:18 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 23:19:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.11.13 18:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2012.11.13 18:25:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\AAAAA\Menu Avvio\Programmi\Strumenti di amministrazione
[2012.11.13 18:20:47 | 005,000,873 | R--- | C] (Swearware) -- C:\Documents and Settings\AAAAA\Desktop\ComboFix.exe
[2012.11.13 13:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Sun
[2012.11.13 11:19:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.13 11:10:48 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\AAAAA\Desktop\tdsskiller.exe
[2012.11.13 11:02:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\AAAAA\Desktop\aswMBR.exe
[2012.11.13 00:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012.11.11 19:30:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe
[2012.10.30 19:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2012.10.30 19:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Intel
[2012.10.30 14:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Funny Bear Studio
[2012.10.30 14:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Desktop\World Riddles - Seven Wonders
[2012.10.23 19:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\QuickTime
[2012.10.23 19:27:06 | 000,000,000 | ---D | C] -- C:\Programmi\QuickTime
[2012.10.23 19:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
[2012.10.23 19:25:53 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Apple
[2012.10.23 19:25:33 | 000,000,000 | ---D | C] -- C:\Programmi\Apple Software Update
[2012.10.23 19:25:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Apple
[2012.10.20 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Temp
[2012.10.16 20:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\SRWare Iron
[2012.10.16 20:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Chromium
[2012.10.16 20:03:47 | 000,000,000 | ---D | C] -- C:\Programmi\SRWare Iron
[2011.01.31 09:23:21 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI32.dll
[2011.01.31 09:23:20 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI.dll
[2011.01.31 09:23:19 | 000,693,096 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupUi.dll
[2011.01.31 09:23:17 | 000,704,360 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupAcadUi.dll
[2011.01.31 09:23:10 | 001,049,312 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\PatchMgr.dll
[2011.01.31 09:23:05 | 000,653,120 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcr90.dll
[2011.01.31 09:23:04 | 000,569,664 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcp90.dll
[2011.01.31 09:23:04 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcm90.dll
[2011.01.31 09:23:01 | 003,783,672 | ---- | C] (Microsoft Corporation) -- C:\Programmi\mfc90u.dll
[2011.01.31 09:22:58 | 000,375,128 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3Res.dll
[2011.01.31 09:22:57 | 001,764,696 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3.dll
[2011.01.31 09:22:56 | 000,108,392 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\LiteHtml.dll
[2011.01.31 09:22:52 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Programmi\gdiplus.dll
[2011.01.31 09:22:49 | 000,544,616 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\DeployUi.dll
[2011.01.31 09:22:48 | 000,085,352 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\CIPUtil.dll
[2011.01.31 09:22:22 | 001,274,728 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmPIT.dll
[2011.01.31 09:22:22 | 000,189,800 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmutil.dll
[2011.01.31 09:22:13 | 000,047,328 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcSetup.dll
[2011.01.31 09:21:45 | 000,190,688 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\senddmp.exe
[2011.01.31 09:20:18 | 000,161,640 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcDelTree.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\bass.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.14 17:53:51 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.14 17:53:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.14 17:53:42 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.14 17:40:00 | 000,001,234 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006UA.job
[2012.11.14 17:13:49 | 100,217,157 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.11.14 16:50:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.14 15:55:36 | 000,541,569 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\adwcleaner.exe
[2012.11.14 13:08:26 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\MBR.dat
[2012.11.14 00:40:00 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006Core.job
[2012.11.13 18:38:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.11.13 18:20:47 | 005,000,873 | R--- | M] (Swearware) -- C:\Documents and Settings\AAAAA\Desktop\ComboFix.exe
[2012.11.13 11:10:54 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\AAAAA\Desktop\tdsskiller.exe
[2012.11.13 11:02:23 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\AAAAA\Desktop\aswMBR.exe
[2012.11.12 20:41:45 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2012.11.11 19:57:48 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe
[2012.11.11 19:30:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe
[2012.11.11 19:29:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\AAAAA\defogger_reenable
[2012.11.11 19:27:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe
[2012.11.11 19:23:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job
[2012.11.10 23:44:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job
[2012.11.06 21:39:54 | 000,245,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.10.30 20:19:41 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.14 15:55:33 | 000,541,569 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\adwcleaner.exe
[2012.11.13 11:13:22 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\MBR.dat
[2012.11.11 19:57:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe
[2012.11.11 19:29:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\AAAAA\defogger_reenable
[2012.11.11 19:27:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe
[2012.10.30 20:19:41 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk
[2012.10.23 19:25:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Apple Software Update.lnk
[2012.10.13 16:45:50 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.18 18:48:08 | 000,076,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.02.14 22:58:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.25 08:56:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.10.30 11:27:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2011.02.17 03:06:41 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\RecConfig.xml
[2011.01.31 13:05:12 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\L8457789110
[2011.01.31 09:30:21 | 000,001,022 | ---- | C] () -- C:\Programmi\upiconfig.xml
[2011.01.31 09:29:08 | 000,075,909 | ---- | C] () -- C:\Programmi\We_Support_You_German.pdf
[2011.01.31 09:29:08 | 000,009,416 | ---- | C] () -- C:\Programmi\AutoCADConfig.pit
[2011.01.31 09:28:14 | 000,023,635 | ---- | C] () -- C:\Programmi\mapfile.mlm
[2011.01.31 09:28:14 | 000,001,528 | ---- | C] () -- C:\Programmi\ProdDep_UserDep.mc3
[2011.01.31 09:28:14 | 000,000,684 | ---- | C] () -- C:\Programmi\ProdInd_UserDep.mc3
[2011.01.31 09:28:14 | 000,000,546 | ---- | C] () -- C:\Programmi\ProdInd_UserInd.mc3
[2011.01.31 09:28:14 | 000,000,216 | ---- | C] () -- C:\Programmi\ProdDep_UserInd.mc3
[2011.01.31 09:20:15 | 000,018,506 | ---- | C] () -- C:\Programmi\Setup.ini
[2010.12.28 09:44:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.12.16 01:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010.06.13 16:16:02 | 000,000,236 | ---- | C] () -- C:\Programmi\File comuni\dx.reg
[2010.06.06 12:44:09 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.01.17 09:40:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:13:50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:13:56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:EB86F355

< End of report >


Extras.txt
Code:
OTL Extras logfile created on: 14.11.2012 18:00:56 - Run 4
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Documents and Settings\YYYY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 73,40% Memory free
5,76 Gb Paging File | 5,25 Gb Available in Paging File | 91,26% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 92,91 Gb Total Space | 31,87 Gb Free Space | 34,30% Space Free | Partition Type: NTFS
 
Computer Name: XXXX | User Name: YYYY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\AVG\AVG2012\avgmfapx.exe" = C:\Programmi\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgnsx.exe" = C:\Programmi\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgdiagex.exe" = C:\Programmi\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgemcx.exe" = C:\Programmi\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06C71F80-0E30-4E2C-878F-8502AB5AE3BE}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuali TOSHIBA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{661E5E8A-C9AF-4815-8996-C2A809196864}" = Schreibmaschinenkurs 3.5 Shareware
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Suono virtuale TOSHIBA
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenziatore unità CD/DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Programma di disinstallazione
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.0
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"PDFConverter Desktop_is1" = PDFConverter Desktop
"ProInst" = Software Intel(R) PROSet/Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ToshibaConnect" = Toshiba Connect
"TreeSize Free_is1" = TreeSize Free V2.7
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2767231553-2537787753-3555782994-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2012 00:36:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x00000000.
 
Error - 01.08.2012 07:36:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
 versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
 indirizzo errore 0x000113c0.
 
Error - 02.08.2012 02:36:20 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
 versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
 indirizzo errore 0x000113c0.
 
Error - 27.09.2012 05:28:24 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
 modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x04bdf6d5.
 
Error - 28.09.2012 05:36:16 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x059af6d5.
 
Error - 30.09.2012 04:24:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore gnotify.exe, versione 1.0.25.0,
 modulo che ha provocato l'errore , versione 5.1.2600.6055, indirizzo errore 0x00019af2.
 
Error - 30.10.2012 04:55:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
 modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x0546f6d5.
 
Error - 07.11.2012 07:42:57 | Computer Name = XXXX | Source = ESENT | ID = 490
Description = svchost (1248) Tentativo di apertura del file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 per accesso in lettura e scrittura non riuscito con errore di sistema 32 (0x00000020):
 "Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione
 di apertura del file non verrà effettuata con errore -1032 (0xfffffbf8).
 
Error - 13.11.2012 06:28:16 | Computer Name = XXXX | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 a causa del seguente errore: The server name or address could not be resolved 
 
Error - 13.11.2012 06:28:17 | Computer Name = XXXX | Source = crypt32 | ID = 131080
Description = Impossibile eseguire il recupero con aggiornamento automatico del
numero di sequenza dell'elenco principale di altri produttori da: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 a causa del seguente errore: La connessione in rete non esiste. 
 
[ System Events ]
Error - 12.11.2012 19:08:35 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 13.11.2012 05:09:53 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 13.11.2012 06:28:35 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 13.11.2012 08:18:42 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 13.11.2012 10:46:43 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 13.11.2012 13:27:50 | Computer Name = XXXX | Source = Service Control Manager | ID = 7016
Description = Il servizio BrSplService ha riportato lo stato non valido corrente
 0.
 
Error - 13.11.2012 18:44:27 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 14.11.2012 02:22:31 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 14.11.2012 08:19:39 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
Error - 14.11.2012 12:54:19 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
  %%126
 
 
< End of report >

cosinus 14.11.2012 21:00
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


idila 15.11.2012 00:49
Das wir fast durch sind, hört sich klasse an. Laptop läuft auch schon wieder schneller. Hier die 2 neuen Logs. Danke
Eine Sache: ich hatte beim AVG die Deaktivierungs-Option der 15 Minuten gewählt statt die nächsthöhere bis zum Neustart, wußte nicht, dass der ESET 2 Std scannt und habe dann überhaupt nicht mehr daran gedacht, erst wieder, nachdem er fertig gescannt hatte. AVG hat sich also während des Scannens wieder aktiviert. Sorry, ich werde ihn dann wohl morgen nochmal scannen lassen, poste dennoch schon mal den ESET-Log.


mbam.txt
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
XXXX :: XXXX [Administrator]

14.11.2012 22:21:02
mbam-log-2012-11-14 (22-21-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214912
Laufzeit: 5 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ESET.txt
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5aa38b8c9327164095ead55740c7b3ff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-14 11:37:49
# local_time=2012-11-15 12:37:49 (+0100, ora solare Europa occidentale)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 70799526 70799526 0 0
# compatibility_mode=1024 16777191 100 0 10806603 10806603 0 0
# compatibility_mode=8192 67108863 100 0 3882 3882 0 0
# scanned=149992
# found=4
# cleaned=0
# scan_time=7182
C:\Programmi\FoxTabFLVPlayer\FLVPlayer.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Programmi\FoxTabFLVPlayer\Uninstall\Uninstall.exe        a variant of Win32/InstallCore.F application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP767\A0151294.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP767\A0151314.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
Hallo Cosinus, habe den ST nochmal laufen lassen, diesmal mit AVG stets deaktiviert, der Log scheint der gleiche, dennoch hier nochmal. Danke und Grüße

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5aa38b8c9327164095ead55740c7b3ff
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-15 03:10:12
# local_time=2012-11-15 04:10:12 (+0100, ora solare Europa occidentale)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 70856569 70856569 0 0
# compatibility_mode=1024 16777175 100 0 10863646 10863646 0 0
# compatibility_mode=8192 67108863 100 0 3781 3781 0 0
# scanned=150097
# found=4
# cleaned=0
# scan_time=6082
C:\Programmi\FoxTabFLVPlayer\FLVPlayer.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Programmi\FoxTabFLVPlayer\Uninstall\Uninstall.exe        a variant of Win32/InstallCore.F application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP767\A0151294.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP767\A0151314.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
.
.
.
*ESET (nicht ST)

cosinus 15.11.2012 16:59
Die Funde von ESET kannste ignorieren, hysterische Adware Funde, weil evtl. die Dateien Adware (Werbung) anzeigne/installieren könnten.

Ansonsten soweit ok.

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )


Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

idila 15.11.2012 20:49
Hallo Cosinus, vielen vielen Dank für deine Hilfe! :singsing:

Danke auch für den Link zu Blocking Unwanted Parasites with a Hosts File, muss ich nun genauer checken. Die Cookies werde ich nun automatisch löschen lassen und auch alle anderen Ratschläge befolgen.

Mein Compi hat nun keine ersichtlichen Probleme mehr + läuft auch wieder schneller. Wunderbar!

Noch 3 Fragen:
1. Gelöscht habe ich ja nur 1 x mit dem adwcleaner.exe, nun habe ich noch von Combofix 1 Log mit Quarantäne, muss ich da noch was löschen?
2. Ich sehe in den Logs einige HKEY_LOCAL_MACHINE Einträge von Sachen, die schon lange deinstalliert wurden, wie Symantec, Kapersky, McAfee etc. kann ich die manuell löschen oder ist das nicht so wichtig?
3. Kann ich den Defogger wieder Re-enable?

Grüße, idila :daumenhoc

cosinus 15.11.2012 22:56
1. nein
2. lass die Registry in Ruhe!!
3. ja

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.


Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.


Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

idila 16.11.2012 05:59
Super, lieber Cosinus, bin echt HAPPY + dir sehr dankbar für deine Hilfe in meiner PC-Not. Freue mich auch, dass es ohne Neuformattierung ging. All diese Scans waren zudem sehr interessant, auch wenn mein Vertsändnis dafür beschränkt ist. Nun checke ich noch alle Updates etc. wie von dir empfohlen.

Dir 1 schöne Zeit und herzlichen Dank für deine intensive Hilfe.
Grüße, idila :party:

Cosinus, gerade ist wieder mal 1 Bluescreen + Crash gekommen. Falls du nochmal vorbeikommst, hier der BlueScreenView-Log. Die Fehlermeldung ist so gut wie identisch mit der auf dem Screenshot der 1. Seite dieses Threads. Verstehe nicht, was daran Schuld sein könnte.
Danke vielmals :balla:


BSOD.txt
Code:
==================================================
Dump File        : Mini111612-01.dmp
Crash Time        : 16.11.2012 17:40:14
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x10000050
Parameter 1      : 0xe213b01c
Parameter 2      : 0x00000000
Parameter 3      : 0xbf82ebc1
Parameter 4      : 0x00000001
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+2ebc1
File Description  : Driver Win32 multiutente
Product Name      : Sistema operativo Microsoft® Windows®
Company          : Microsoft Corporation
File Version      : 5.1.2600.6307 (xpsp_sp3_gdr.121022-1132)
Processor        : 32-bit
Crash Address    : win32k.sys+2ebc1
Stack Address 1  : win32k.sys+2f137
Stack Address 2  : win32k.sys+2ee77
Stack Address 3  : ntoskrnl.exe+699f
Computer Name    :
Full Path        : C:\WINDOWS\Minidump\Mini111612-01.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 2600
Dump File Size    : 90.112
==================================================

==================================================
Dump File        : Mini111112-01.dmp
Crash Time        : 11.11.2012 19:17:15
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x10000050
Parameter 1      : 0xe309401c
Parameter 2      : 0x00000000
Parameter 3      : 0xbf82ebd1
Parameter 4      : 0x00000001
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+2ebd1
File Description  : Driver Win32 multiutente
Product Name      : Sistema operativo Microsoft® Windows®
Company          : Microsoft Corporation
File Version      : 5.1.2600.6307 (xpsp_sp3_gdr.121022-1132)
Processor        : 32-bit
Crash Address    : win32k.sys+2ebd1
Stack Address 1  : win32k.sys+2f147
Stack Address 2  : win32k.sys+2ee87
Stack Address 3  : ntoskrnl.exe+699f
Computer Name    :
Full Path        : C:\WINDOWS\Minidump\Mini111112-01.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 2600
Dump File Size    : 90.112
==================================================

==================================================
Dump File        : Mini102712-01.dmp
Crash Time        : 27.10.2012 10:37:21
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x10000050
Parameter 1      : 0xe1f7d01c
Parameter 2      : 0x00000000
Parameter 3      : 0xbf82ebd1
Parameter 4      : 0x00000001
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+2ebd1
File Description  : Driver Win32 multiutente
Product Name      : Sistema operativo Microsoft® Windows®
Company          : Microsoft Corporation
File Version      : 5.1.2600.6307 (xpsp_sp3_gdr.121022-1132)
Processor        : 32-bit
Crash Address    : win32k.sys+2ebd1
Stack Address 1  : win32k.sys+3a81f
Stack Address 2  : win32k.sys+49a27
Stack Address 3  : win32k.sys+4ad80
Computer Name    :
Full Path        : C:\WINDOWS\Minidump\Mini102712-01.dmp
Processors Count  : 2
Major Version    : 15
Minor Version    : 2600
Dump File Size    : 90.112
==================================================


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:17 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130