Hallo Cosinus, vielen Dank für deine Antwort. Die .txt poste ich nochmal in CODE-Tags, sorry.
Das Programm, dessen Installations-CD beim Umzug verloren ging, ist Photoshop 5.5. Noch habe ich es installiert, durch 1 Formattierung würde ich es definitv verlieren.
Den Text vom Bluescreen kenne ich nicht, da er nur 1/2 Sek aufleuchtet, danach ist der Computer zwar noch an (Power-Taste leuchtet), aber alles bleibt schwarz. Ich muss das Herunterfahren des Laptops dann erzwingen. Beim Neustart erscheint dann 1 Fehlermeldung. Von der habe ich am 12.Oktober mal 1 Screenshot gemacht samt Details, das Bild poste ich. Damals hatte ich dann die Cookies gelöscht, mehr nicht.
Vielen Dank für deine Zeit, die du hier mit mir investierst.
Grüße idila
Screenshot von Fehlermeldung 12.10.12 (nach Bluescreen) http://img528.imageshack.us/img528/9...ormessagec.jpg OTL.txt Code:
OTL logfile created on: 12.11.2012 21:20:45 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\AAAAA\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,22% Memory free
5,76 Gb Paging File | 5,04 Gb Available in Paging File | 87,44% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 92,91 Gb Total Space | 30,97 Gb Free Space | 33,34% Space Free | Partition Type: NTFS
Computer Name: AAAAA | User Name: AAAAA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.11 19:30:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe
PRC - [2012.09.27 16:19:47 | 000,364,544 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgtray.exe
PRC - [2012.07.26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgrsx.exe
PRC - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) -- C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012.06.13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgnsx.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG2012\avgcsrvx.exe
PRC - [2012.02.08 20:27:22 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.22 11:48:29 | 006,034,432 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Photoshp.exe
PRC - [2008.04.14 03:14:12 | 001,415,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008.04.14 03:14:07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005.12.17 00:21:00 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\Toshiba.exe
PRC - [2005.12.05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005.11.30 12:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programmi\Toshiba\Tvs\TvsTray.exe
PRC - [2005.11.28 11:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005.11.28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005.10.06 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.09.16 14:12:52 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005.08.12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.08.04 10:29:42 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005.08.04 10:29:28 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005.07.15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Programmi\Google\Gmail Notifier\gnotify.exe
PRC - [2005.05.12 13:33:00 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (No Company Name) ==========
MOD - [2012.06.13 12:18:33 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_4bccb9d3\system.drawing.dll
MOD - [2012.06.13 12:18:18 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f2b8d414\system.windows.forms.dll
MOD - [2012.06.13 12:17:51 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.04.04 06:53:56 | 000,301,056 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.01.10 01:17:01 | 003,391,488 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4980b9f8\mscorlib.dll
MOD - [2012.01.10 01:16:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_6a03f9cc\system.xml.dll
MOD - [2012.01.10 01:16:27 | 001,966,080 | ---- | M] () -- c:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_5c3c2b6f\System.dll
MOD - [2012.01.10 01:16:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.10 01:16:11 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012.01.10 01:16:09 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.05.22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programmi\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe
MOD - [2009.12.22 11:48:29 | 006,034,432 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Photoshp.exe
MOD - [2009.11.05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009.11.04 01:14:04 | 000,054,272 | ---- | M] () -- C:\Programmi\Notepad++\NppShell_01.dll
MOD - [2008.10.22 16:07:48 | 000,982,016 | ---- | M] () -- C:\Programmi\PDFConverterDesktop\PDFConverterShell.dll
MOD - [2007.08.21 12:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.01.17 09:42:42 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.01.17 09:42:41 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.01.17 09:42:41 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.01.17 09:41:40 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_it_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.01.17 09:41:40 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_it_b77a5c561934e089\system.resources.dll
MOD - [2006.01.17 09:41:39 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_it_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Programmi\Intel\Wireless\Bin\acAuth.dll
MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.03.03 04:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll
MOD - [1999.06.30 21:50:28 | 000,056,320 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\FastCore.8BX
MOD - [1999.06.30 21:50:04 | 000,109,056 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\MThread.8BX
MOD - [1999.06.30 21:24:20 | 000,179,200 | ---- | M] () -- C:\Programmi\Adobe\Photoshop 5.5\Plug-Ins\Adobe Photoshop Only\Extensions\MMXCore.8BX
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.05 21:07:00 | 000,161,704 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.01.31 10:05:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programmi\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003.07.28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\PROCEXP150.SYS -- (PROCEXP150)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\AAAAA~1\IMPOST~1\Temp\catchme.sys -- (catchme)
DRV - [2012.08.24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.04.19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.01.31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009.12.30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.12.21 05:51:46 | 001,419,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.12.10 00:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005.12.05 09:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.30 18:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.11.30 11:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.15 17:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.10.20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005.10.06 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.10.06 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.10.06 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.10.06 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.10.06 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.10.06 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.10.06 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005.08.25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.01.29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 CA DD 5A 44 63 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2003FEA2-F7A0-4DB7-9C42-79C84419D5E1}
IE - HKCU\..\SearchScopes\{2003FEA2-F7A0-4DB7-9C42-79C84419D5E1}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_it
IE - HKCU\..\SearchScopes\{E3333C96-2E5E-4BF3-B64E-0157AFC8B672}: "URL" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\programmi\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programmi\AVG\AVG2012\Firefox4\ [2012.09.11 08:01:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.08 20:28:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programmi\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 09:23:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programmi\Java\jre6\lib\deploy\jqs\ff
[2012.06.29 20:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\AAAAA\Dati applicazioni\Mozilla\Extensions
========== Chrome ==========
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://apps.facebook.com/gardensoftime/?track=bookmark&ref=bookmarks&count=0
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programmi\QuickTime\plugins\npqtplugin8.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Disabled) = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\programmi\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programmi\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = c:\programmi\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2010.08.27 20:20:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Programmi\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programmi\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelWireless] C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Programmi\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Programmi\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108859
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108823
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programmi\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Siti attendibili)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1304748869531 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F21AEDA-65C6-4A4F-880B-7A65EBE3E8E5}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.17 09:33:18 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.11 19:30:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe
[2012.11.06 09:49:16 | 064,289,064 | ---- | C] (Games ) -- C:\Documents and Settings\AAAAA\Desktop\WorldRiddles3SecretsAges.exe
[2012.10.30 19:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2012.10.30 19:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Intel
[2012.10.30 14:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Funny Bear Studio
[2012.10.30 14:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2012.10.30 14:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Desktop\World Riddles - Seven Wonders
[2012.10.23 19:27:06 | 000,000,000 | ---D | C] -- C:\Programmi\QuickTime
[2012.10.23 19:25:53 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Apple
[2012.10.23 19:25:33 | 000,000,000 | ---D | C] -- C:\Programmi\Apple Software Update
[2012.10.20 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Temp
[2012.10.16 20:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\Chromium
[2012.10.16 20:03:47 | 000,000,000 | ---D | C] -- C:\Programmi\SRWare Iron
[2011.01.31 09:23:21 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI32.dll
[2011.01.31 09:23:20 | 000,319,248 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\UPI.dll
[2011.01.31 09:23:19 | 000,693,096 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupUi.dll
[2011.01.31 09:23:17 | 000,704,360 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\SetupAcadUi.dll
[2011.01.31 09:23:10 | 001,049,312 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\PatchMgr.dll
[2011.01.31 09:23:05 | 000,653,120 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcr90.dll
[2011.01.31 09:23:04 | 000,569,664 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcp90.dll
[2011.01.31 09:23:04 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Programmi\msvcm90.dll
[2011.01.31 09:23:01 | 003,783,672 | ---- | C] (Microsoft Corporation) -- C:\Programmi\mfc90u.dll
[2011.01.31 09:22:58 | 000,375,128 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3Res.dll
[2011.01.31 09:22:57 | 001,764,696 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\MC3.dll
[2011.01.31 09:22:56 | 000,108,392 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\LiteHtml.dll
[2011.01.31 09:22:52 | 001,645,320 | ---- | C] (Microsoft Corporation) -- C:\Programmi\gdiplus.dll
[2011.01.31 09:22:49 | 000,544,616 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\DeployUi.dll
[2011.01.31 09:22:48 | 000,085,352 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\CIPUtil.dll
[2011.01.31 09:22:22 | 001,274,728 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmPIT.dll
[2011.01.31 09:22:22 | 000,189,800 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\adlmutil.dll
[2011.01.31 09:22:13 | 000,047,328 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcSetup.dll
[2011.01.31 09:21:45 | 000,452,456 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\Setup.exe
[2011.01.31 09:21:45 | 000,190,688 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\senddmp.exe
[2011.01.31 09:20:18 | 000,161,640 | ---- | C] (Autodesk, Inc.) -- C:\Programmi\AcDelTree.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\bass.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.12 20:50:00 | 000,001,144 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.12 20:41:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2012.11.12 20:40:00 | 000,001,234 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006UA.job
[2012.11.12 17:57:47 | 100,027,288 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.11.12 11:50:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.12 07:29:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.12 07:29:26 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.12 00:40:00 | 000,001,182 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2767231553-2537787753-3555782994-1006Core.job
[2012.11.11 19:57:48 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe
[2012.11.11 19:30:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\AAAAA\Desktop\OTL.exe
[2012.11.11 19:29:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\AAAAA\defogger_reenable
[2012.11.11 19:27:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe
[2012.11.11 19:23:42 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job
[2012.11.10 23:44:24 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2767231553-2537787753-3555782994-1006.job
[2012.11.06 21:39:54 | 000,245,718 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.11.06 09:49:20 | 064,289,064 | ---- | M] (Games ) -- C:\Documents and Settings\AAAAA\Desktop\WorldRiddles3SecretsAges.exe
[2012.10.30 20:19:41 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.11 19:57:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\x8ypdrpr.exe
[2012.11.11 19:29:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\AAAAA\defogger_reenable
[2012.11.11 19:27:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Defogger.exe
[2012.10.30 20:19:41 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\AAAAA\Desktop\Collegamento a Wonders.exe.lnk
[2012.10.23 19:25:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Apple Software Update.lnk
[2012.10.13 16:45:50 | 000,372,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.18 18:48:08 | 000,076,464 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012.05.27 10:53:47 | 000,003,677 | ---- | C] () -- C:\Documents and Settings\AAAAA\Dati applicazioni\Sys2657a.DLL
[2012.02.14 22:58:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.25 08:56:08 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2011.10.30 11:27:54 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2011.02.17 03:06:41 | 000,001,501 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\RecConfig.xml
[2011.02.16 12:08:44 | 000,239,856 | ---- | C] () -- C:\Documents and Settings\AAAAA\GameUpdater.exe
[2011.02.16 12:06:26 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\AAAAA\xdelta3.exe
[2011.01.31 13:05:12 | 000,000,008 | -H-- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\L8457789110
[2011.01.31 09:30:21 | 000,001,022 | ---- | C] () -- C:\Programmi\upiconfig.xml
[2011.01.31 09:29:08 | 000,075,909 | ---- | C] () -- C:\Programmi\We_Support_You_German.pdf
[2011.01.31 09:29:08 | 000,009,416 | ---- | C] () -- C:\Programmi\AutoCADConfig.pit
[2011.01.31 09:28:14 | 000,023,635 | ---- | C] () -- C:\Programmi\mapfile.mlm
[2011.01.31 09:28:14 | 000,001,528 | ---- | C] () -- C:\Programmi\ProdDep_UserDep.mc3
[2011.01.31 09:28:14 | 000,000,684 | ---- | C] () -- C:\Programmi\ProdInd_UserDep.mc3
[2011.01.31 09:28:14 | 000,000,546 | ---- | C] () -- C:\Programmi\ProdInd_UserInd.mc3
[2011.01.31 09:28:14 | 000,000,216 | ---- | C] () -- C:\Programmi\ProdDep_UserInd.mc3
[2011.01.31 09:20:16 | 000,000,043 | ---- | C] () -- C:\Programmi\autorun.inf
[2011.01.31 09:20:15 | 000,018,506 | ---- | C] () -- C:\Programmi\Setup.ini
[2010.12.28 09:44:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.12.16 01:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010.06.13 16:16:02 | 000,000,236 | ---- | C] () -- C:\Programmi\File comuni\dx.reg
[2010.06.06 12:44:09 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\AAAAA\Impostazioni locali\Dati applicazioni\no23xwrapper.dll
========== ZeroAccess Check ==========
[2006.01.17 09:40:53 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:13:50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:43 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:13:56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.02.09 07:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\AVG2012
[2012.04.20 19:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\JAM Software
[2012.07.21 08:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\AAAAA\Dati applicazioni\Notepad++
[2012.10.22 18:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AVG2012
[2012.11.09 18:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Funny Bear Studio
[2012.11.12 17:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MFAData
[2012.11.12 16:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:EB86F355
< End of report > Extra.txt Code:
OTL Extras logfile created on: 11.11.2012 19:30:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\YYYY\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germania | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,25% Memory free
5,76 Gb Paging File | 5,17 Gb Available in Paging File | 89,78% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 92,91 Gb Total Space | 31,15 Gb Free Space | 33,52% Space Free | Partition Type: NTFS
Computer Name: XXXX | User Name: YYYY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programmi\Messenger\msmsgs.exe" = C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programmi\AVG\AVG10\avgmfapx.exe" = C:\Programmi\AVG\AVG10\avgmfapx.exe:*:Enabled:Installazione di AVG
"C:\Programmi\Internet Explorer\iexplore.exe" = C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programmi\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Programmi\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Programmi\AVG\AVG2012\avgmfapx.exe" = C:\Programmi\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgnsx.exe" = C:\Programmi\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgdiagex.exe" = C:\Programmi\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG2012\avgemcx.exe" = C:\Programmi\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{06C71F80-0E30-4E2C-878F-8502AB5AE3BE}" = ATI Catalyst Control Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = Manuali TOSHIBA
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{661E5E8A-C9AF-4815-8996-C2A809196864}" = Schreibmaschinenkurs 3.5 Shareware
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = Suono virtuale TOSHIBA
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Silenziatore unità CD/DVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A351224F-533A-4EED-89F4-0BF3417FD31D}" = WD Backup
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"All ATI Software" = ATI - Programma di disinstallazione
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FileZilla Client" = FileZilla Client 3.5.0
"HyperCam 2" = HyperCam 2
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP3 Recorder Studio_is1" = MP3 Recorder Studio 6.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Notepad++" = Notepad++
"PDFConverter Desktop_is1" = PDFConverter Desktop
"Power Saver" = Risparmio energetico TOSHIBA
"ProInst" = Software Intel(R) PROSet/Wireless
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ToshibaConnect" = Toshiba Connect
"TreeSize Free_is1" = TreeSize Free V2.7
"Utilità di diagnostica del PC" = Utilità di diagnostica del PC TOSHIBA
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xaldon WebSpider 2" = Xaldon WebSpider 2
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.07.2012 03:36:03 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 31.07.2012 12:36:18 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 01.08.2012 00:36:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x00000000.
Error - 01.08.2012 07:36:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 02.08.2012 02:36:20 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore FlashPlayerUpdateService.exe,
versione 11.3.300.268, modulo che ha provocato l'errore ntdll.dll, versione 5.1.2600.6055,
indirizzo errore 0x000113c0.
Error - 27.09.2012 05:28:24 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x04bdf6d5.
Error - 28.09.2012 05:36:16 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore , versione 0.0.0.0, modulo
che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x059af6d5.
Error - 30.09.2012 04:24:17 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore gnotify.exe, versione 1.0.25.0,
modulo che ha provocato l'errore , versione 5.1.2600.6055, indirizzo errore 0x00019af2.
Error - 30.10.2012 04:55:15 | Computer Name = XXXX | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore explorer.exe, versione 6.0.2900.5512,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x0546f6d5.
Error - 07.11.2012 07:42:57 | Computer Name = XXXX | Source = ESENT | ID = 490
Description = svchost (1248) Tentativo di apertura del file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
per accesso in lettura e scrittura non riuscito con errore di sistema 32 (0x00000020):
"Impossibile accedere al file. Il file è utilizzato da un altro processo. ". L'operazione
di apertura del file non verrà effettuata con errore -1032 (0xfffffbf8).
[ System Events ]
Error - 08.11.2012 09:55:07 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 08.11.2012 19:42:32 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 09.11.2012 03:55:06 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 09.11.2012 12:10:50 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 10.11.2012 02:19:35 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 10.11.2012 23:43:32 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 05:37:03 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 13:11:34 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 14:17:59 | Computer Name = XXXX | Source = Service Control Manager | ID = 7023
Description = Servizio Accesso periferica Human Interface terminato con l'errore:
%%126
Error - 11.11.2012 14:18:08 | Computer Name = XXXX | Source = System Error | ID = 1003
Description = Codice errore 10000050, parametro1 e309401c, parametro2 00000000,
parametro3 bf82ebd1, parametro4 00000001.
< End of report > Gmer.txt Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-11 23:54:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
Running: x8ypdrpr.exe; Driver: C:\DOCUME~1\YYYY~1\IMPOST~1\Temp\pxtdipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xAEA0A004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xAEA0A0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAEA09D76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAEA09E1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAEA09EBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAEA09F56]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9C0FEBF]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1764] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 05E2FC69 C:\Programmi\PDFConverterDesktop\PDFConverterShell.dll
.text C:\Programmi\Real\RealPlayer\update\realsched.exe[2584] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B220410-55F3-E40C-1381-E7333CA05BD2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B220410-55F3-E40C-1381-E7333CA05BD2}@gafdimgiocciag 0x61 0x63 0x62 0x6A ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 195366468
Disk \Device\Harddisk0\DR0 PE file @ sector 195366490
---- EOF - GMER 1.0.15 ---- |