Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Immer wieder auf 95p.com umgeleitet...

Immer wieder auf 95p.com umgeleitet...


Log-Analyse und Auswertung: Immer wieder auf 95p.com umgeleitet...

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 04.01.2012, 19:29   #12
Sardine
 
Immer wieder auf 95p.com umgeleitet... - Standard

Immer wieder auf 95p.com umgeleitet...


Hallo,
jetzt hab ich vor lauter Langeweile mal fuer DIESEN PC ein Logfile gemacht: NICHT, dass da auch Trojaner, Viren und Wuermer drauf lauern... (OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04/01/2012 19.16.07 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = c:\Users\Anja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
1,99 Gb Total Physical Memory | 0,70 Gb Available Physical Memory | 35,16% Memory free
4,22 Gb Paging File | 2,18 Gb Available in Paging File | 51,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105,32 Gb Total Space | 23,12 Gb Free Space | 21,95% Space Free | Partition Type: NTFS
Drive D: | 6,47 Gb Total Space | 6,40 Gb Free Space | 98,93% Space Free | Partition Type: NTFS
 
Computer Name: PASCAL | User Name: Anja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\Anja\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
PRC - C:\Programmi\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programmi\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programmi\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programmi\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programmi\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programmi\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Programmi\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programmi\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programmi\Tech\Wheel Mouse\5.0\Mouse32A.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programmi\Mozilla Firefox\js3250.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\694e6c090466649433bae36539849177\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll ()
MOD - C:\Programmi\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll ()
MOD - C:\Programmi\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Programmi\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programmi\Tech\Wheel Mouse\5.0\Mouse32A.exe ()
MOD - C:\Programmi\Tech\Wheel Mouse\5.0\MOUDL32A.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (XAudioService) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) --  File not found
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Kodak AiO Network Discovery Service) -- C:\Programmi\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Programmi\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programmi\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Utilità di pianificazione di LiveUpdate automatico) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDrivervtx) -- C:\Programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFiltervtx) -- C:\Programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimvtx) -- C:\Programmi\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (OemBiosDevice) -- C:\Windows\system32\DRIVERS\royal.sys (PARADOX)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (NETw3v32) Driver per scheda di rete Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Compaq | MSN
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programmi\TorrentMan\tbTor1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Messenger, Hotmail, MSN, Windows Live: benvenuti su MSN.it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 4C 2A 3A BC 6D CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programmi\TorrentMan\tbTor1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}:2.2.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: faceplus@face-plus.com:1.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..keyword.URL: "hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={8164A20E-ED7B-299E-30F7-185C48C1D17A}&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.97: C:\Program Files\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Anja\AppData\Roaming\nprhapengine.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/05 08.54.07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 19.56.18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/22 16.13.11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 16.13.11 | 000,000,000 | ---D | M]
 
[2011/10/09 19.23.09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Extensions
[2012/01/04 17.01.22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions
[2009/09/03 07.15.43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/27 21.06.47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{26647ca4-a2a7-4eac-8a72-761aa9141de7}
[2011/06/11 18.56.07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/11/12 14.03.36 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2011/10/09 19.22.37 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
[2009/08/01 17.09.30 | 000,000,000 | ---D | M] (My Web Tattoo (Fast Browser Search)) -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/10/25 22.54.48 | 000,000,000 | ---D | M] ("Faceplus") -- C:\Users\Anja\AppData\Roaming\mozilla\Firefox\Profiles\sjctetpt.default\extensions\faceplus@face-plus.com
[2009/01/25 21.40.24 | 000,001,681 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\searchplugins\ask.uk.xml
[2009/11/13 08.22.01 | 000,002,163 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\searchplugins\bing.xml
[2009/08/01 17.09.35 | 000,005,407 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\searchplugins\fast-browser-search.xml
[2008/04/24 13.51.30 | 000,001,861 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\searchplugins\LiveSearch.xml
[2011/10/09 19.22.18 | 000,002,507 | ---- | M] () -- C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\sjctetpt.default\searchplugins\SearchResults.xml
[2012/01/04 17.01.22 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2011/06/07 19.53.50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2007/09/21 16.11.05 | 000,000,000 | ---D | M] (Google Settings) -- C:\Programmi\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2011/09/13 19.56.18 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2011/10/09 19.23.09 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2007/11/21 13.39.29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/04 12.22.01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/07 18.50.47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/08/24 02.01.51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/06/07 19.53.50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/02/12 11.48.07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
[2011/06/07 19.52.07 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/20 09.42.15 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2009/12/25 09.17.26 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/12/25 09.17.26 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011/03/20 09.42.15 | 000,000,825 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2011/10/09 19.22.18 | 000,002,507 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011/03/20 09.42.15 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/03/20 09.42.15 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2006/09/18 22.41.30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmi\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programmi\TorrentMan\tbTor1.dll (Conduit Ltd.)
O2 - BHO: (Guida per l'accesso a Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programmi\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programmi\TorrentMan\tbTor1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Programmi\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Programmi\TorrentMan\tbTor1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Programmi\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LWBMOUSE] C:\Programmi\Tech\Wheel Mouse\5.0\Mouse32A.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Anja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/it/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DD577D7-E948-409D-823D-B13719DC511F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CA57CD-6BE2-44F1-B9E1-B1D24FAD2798}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84185A4F-6F9E-4395-A992-2837D65DAC21}: DhcpNameServer = 83.224.65.134 83.224.66.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Programmi\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Programmi\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (avgrsstx.dll) -avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Anja\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anja\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg
O28 - HKLM ShellExecuteHooks: {040BA7F9-CDC9-4F2A-BAFD-5B13501B2DAD} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{101645d1-db49-11de-8d52-0016d4f23e25}\Shell\Auto\command - "" = Start.exe
O33 - MountPoints2\{101645d1-db49-11de-8d52-0016d4f23e25}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
O33 - MountPoints2\{20cb106b-3271-11df-802c-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{20cb106b-3271-11df-802c-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{303e58d4-59cd-11df-a48d-0016d4f23e25}\Shell - "" = AutoRun
O33 - MountPoints2\{303e58d4-59cd-11df-a48d-0016d4f23e25}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{303e58e7-59cd-11df-a48d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{303e58e7-59cd-11df-a48d-00a0c6000000}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{46299da7-df06-11dd-b78e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46299da7-df06-11dd-b78e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46299ded-df06-11dd-b78e-0016d4f23e25}\Shell - "" = AutoRun
O33 - MountPoints2\{46299ded-df06-11dd-b78e-0016d4f23e25}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7100ccc6-edc9-11dd-a3e4-0016d4f23e25}\Shell\AutoRun\command - "" = F:\p6xebrnt.exe
O33 - MountPoints2\{7100ccc6-edc9-11dd-a3e4-0016d4f23e25}\Shell\open\Command - "" = F:\p6xebrnt.exe
O33 - MountPoints2\{da383383-e4db-11dd-985a-0016d4f23e25}\Shell - "" = AutoRun
O33 - MountPoints2\{da383383-e4db-11dd-985a-0016d4f23e25}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f78e048a-d75c-11dd-b8ac-0016d4f23e25}\Shell - "" = AutoRun
O33 - MountPoints2\{f78e048a-d75c-11dd-b8ac-0016d4f23e25}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f78e04a3-d75c-11dd-b8ac-0016d4f23e25}\Shell - "" = AutoRun
O33 - MountPoints2\{f78e04a3-d75c-11dd-b8ac-0016d4f23e25}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/14 17.12.14 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 17.12.13 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 17.12.03 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 17.11.27 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 17.03.13 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 17.02.42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/04 19.17.04 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 19.17.04 | 000,005,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 19.07.55 | 000,000,000 | ---- | M] () -- C:\Users\Anja\AppData\Local\prvlcl.dat
[2012/01/04 18.37.01 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/04 18.37.01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/04 17.16.58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 16.58.34 | 091,290,060 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/01/04 08.35.24 | 000,620,460 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2011/12/31 13.58.56 | 000,683,382 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2011/12/31 13.58.56 | 000,611,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/31 13.58.56 | 000,144,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/31 13.58.56 | 000,128,570 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2011/12/18 13.33.04 | 003,314,739 | ---- | M] () -- C:\Users\Anja\Desktop\newsite.zip
[2011/12/18 13.27.16 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2011/12/18 13.33.04 | 003,314,739 | ---- | C] () -- C:\Users\Anja\Desktop\newsite.zip
[2010/12/10 15.34.30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/07/31 14.23.06 | 000,761,850 | ---- | C] () -- C:\Windows\System32\icuin36.dll
[2010/04/14 19.42.30 | 000,000,000 | ---- | C] () -- C:\Users\Anja\AppData\Local\prvlcl.dat
[2010/01/15 18.24.26 | 000,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/30 15.36.03 | 000,158,612 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/27 01.20.39 | 000,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/03 13.56.32 | 000,000,000 | ---- | C] () -- C:\Users\Anja\AppData\Local\rx_image.Cache
[2009/10/21 10.39.29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/21 10.34.13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15.07.42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15.07.42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/09 13.44.42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009/04/07 09.54.03 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/04/07 09.41.04 | 000,000,270 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/02 07.57.25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/18 00.28.21 | 000,008,054 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\NMM-MetaData.db
[2008/09/17 12.36.22 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008/09/17 12.36.20 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008/09/17 12.36.20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008/09/17 12.36.20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2008/08/15 17.57.59 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008/06/13 09.12.30 | 000,000,552 | ---- | C] () -- C:\Users\Anja\AppData\Local\d3d8caps.dat
[2008/04/01 18.37.33 | 000,001,356 | ---- | C] () -- C:\Users\Anja\AppData\Local\d3d9caps.dat
[2008/03/15 20.12.10 | 000,008,761 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/02/17 10.07.09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/11/16 15.41.19 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/10/09 14.59.52 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007/09/15 13.08.17 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007/09/15 13.08.08 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/09/14 14.05.02 | 000,024,206 | ---- | C] () -- C:\Users\Anja\AppData\Roaming\UserTile.png
[2007/09/13 21.51.15 | 000,107,008 | ---- | C] () -- C:\Users\Anja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/15 23.33.14 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/08/15 23.30.26 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/05/08 23.10.27 | 000,106,100 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/03/29 23.00.40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/02/27 21.43.02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/31 18.03.26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1187.dll
[2007/01/31 16.39.28 | 000,180,224 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/13 22.01.36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22.01.36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/06 02.52.05 | 000,683,382 | ---- | C] () -- C:\Windows\System32\perfh010.dat
[2006/11/06 02.52.05 | 000,331,172 | ---- | C] () -- C:\Windows\System32\perfi010.dat
[2006/11/06 02.52.05 | 000,128,570 | ---- | C] () -- C:\Windows\System32\perfc010.dat
[2006/11/06 02.52.05 | 000,036,614 | ---- | C] () -- C:\Windows\System32\perfd010.dat
[2006/11/02 13.57.28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13.47.37 | 000,469,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13.35.32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11.33.01 | 000,611,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11.33.01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11.33.01 | 000,144,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11.33.01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11.23.21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09.58.30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09.19.00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08.40.29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08.25.31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/10 01.58.00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/02/10 00.02.22 | 000,000,000 | ---- | C] () -- C:\Users\Anja\AppData\Local\{24D6726E-44D6-474D-B605-6C373CFAB493}
[2005/11/17 18.57.30 | 000,258,560 | ---- | C] () -- C:\Windows\System32\MusicTagsAX.dll
[2003/08/07 20.01.50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
 
========== LOP Check ==========
 
[2010/06/09 19.48.55 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\AVG9
[2009/02/23 22.35.10 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\DataCast
[2008/12/08 18.08.28 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\LimeWire
[2008/12/17 21.00.03 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Nokia
[2008/02/27 16.47.44 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Nvu
[2011/06/07 20.29.11 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\OpenOffice.org
[2008/06/11 21.19.36 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\PC Suite
[2012/01/04 17.00.14 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Temp
[2007/09/14 18.13.34 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\TuneUp Software
[2010/03/18 10.42.00 | 000,000,000 | ---D | M] -- C:\Users\Anja\AppData\Roaming\Vodafone
[2006/02/12 02.58.39 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 17.28.00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{C35A41AB-596D-47E7-A405-64A4F04FF42E}.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/03/24 19.35.23 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\₸ʸ
[2011/03/24 19.35.23 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\₸ʸ
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 700 bytes -> C:\Users\Anja\Documents\Re_ liebe Grüsse.eml:OECustomProperty

< End of report >
--- --- ---
 

Themen zu Immer wieder auf 95p.com umgeleitet...
.dll, avg, bho, bonjour, ccsetup, conduit, defender, entfernen, excel, explorer, firefox, format, google, google earth, helper, home, host.exe, html, icq, logfile, microsoft, mozilla, plug-in, realtek, scan, senden, software, taskhost.exe, trojaner, version=1.0, webcheck, windows, winlogon


« Achtung! aus sicherheitsgründen wurde ihr windowsystem blockiert | hallo 100€ abzocke »


Ähnliche Themen: Immer wieder auf 95p.com umgeleitet...


  1. Windows 7: Avira meldet immer wieder ADWARE/Adware.Gen4 bzw. .Gen7, zudem taucht Optimizer Pro immer wieder auf
    Log-Analyse und Auswertung - 14.12.2014 (9)
  2. Pc wieder sehr langsam, Firefox stürzt immer wieder ab.
    Log-Analyse und Auswertung - 21.08.2013 (9)
  3. PC fährt immer wieder von alleine runter und wieder hoch
    Plagegeister aller Art und deren Bekämpfung - 04.07.2013 (13)
  4. Browser hat immer script akamaihd.net, Google Suche wird umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (34)
  5. Goingonearth Virus !! Werde immer auf Werbeseiten umgeleitet, Sicherheitscenter und Win Defender fäl
    Log-Analyse und Auswertung - 18.08.2011 (12)
  6. Google links werden hin und wieder umgeleitet auf 100ksearches.com
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  7. Es erstellt sich immer ein Ordner und er kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (1)
  8. Internet immer wieder langsam, dann wieder normal usw.
    Log-Analyse und Auswertung - 20.10.2010 (1)
  9. IE öffnet immer wieder werbefenster sowie geht immer wieder der ton aus
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (2)
  10. Werde immer auf andere Seiten umgeleitet
    Log-Analyse und Auswertung - 11.02.2009 (9)
  11. Media Player öffnet sich selbstständig immer und immer wieder
    Log-Analyse und Auswertung - 30.10.2008 (0)
  12. Werde immer Umgeleitet
    Log-Analyse und Auswertung - 22.08.2007 (2)
  13. Hilfe, ich werde im Internet immer auf andere Seiten umgeleitet!
    Plagegeister aller Art und deren Bekämpfung - 19.05.2007 (1)
  14. Explorer/Google wird immer umgeleitet,brauche Rat
    Plagegeister aller Art und deren Bekämpfung - 06.12.2006 (3)
  15. Were immer umgeleitet! Bitte um Hilfe!
    Mülltonne - 05.12.2006 (0)
  16. Hilfe werd immer wieder auf from-google-yahoo-msn.com umgeleitet!
    Log-Analyse und Auswertung - 15.08.2006 (1)
  17. Immer wieder umgeleitet - Logfile
    Log-Analyse und Auswertung - 15.10.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Immer wieder auf 95p.com umgeleitet... - Hallo, jetzt hab ich vor lauter Langeweile mal fuer DIESEN PC ein Logfile gemacht: NICHT, dass da auch Trojaner, Viren und Wuermer drauf lauern... (OTL Logfile: Code: Alles auswählen Aufklappen - Immer wieder auf 95p.com umgeleitet......
Archiv
Du betrachtest: Immer wieder auf 95p.com umgeleitet... auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131