
Antivirus, firewall and other protection programs: How to get rid of Virus Protector?

05.04.2010, 10:35   #16
Larusso
/// Selecta Jahrusso
 



Okay, then please do the following.

Let's try working the normal way.

Step 1

Temp File Cleaner

Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Step 2

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • On Vista, remember to start the program as administrator; otherwise start it with a double-click.
  • Let it update online ("Update" tab) if the program was already on the computer.
  • Select "Perform quick scan" => Scan.
  • When the scan has finished, click "Show Results".
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise this System Restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are selected and press "Remove Selected".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
  • Report how the computer is running now.
A detailed, illustrated guide can be found here.


Step 3

Custom scan with OTL

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extras.txt here into your thread.


In your next reply, please post
Log from Malwarebytes
OTL.txt
Extras.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

05.04.2010, 11:12   #17
sonpetitchou
 



Extras.txt

Code:
OTL Extras logfile created on: 05/04/2010 12.03.14 - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = d:\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 35,79 Gb Free Space | 73,28% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 159,28 Gb Free Space | 86,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 980,00 Mb Total Space | 963,58 Mb Free Space | 98,32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP6735S
Current User Name: Paola
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiSpywareOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc]
"AntiVirusDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc]
"FirewallDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc]
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc]
"UpdatesDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc\Svc]
"UacDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8085:TCP" = 8085:TCP:*:Enabled:LitvinenKO
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- (Veoh Networks)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian
"{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish
"{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish
"{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish
"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean
"{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish
"{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese
"{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek
"{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese
"{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall
"{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional
"{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian
"{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian
"{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish
"{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1.3 - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch
"{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English
"{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish
"{BE282C23-5484-47FF-B2C1-EBEA5C891040}" = Nero 8 Ultra Edition HD
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch
"{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static
"{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian
"{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX 2.2.3
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard
"{E4EF3303-7E22-44E5-82EB-48589B06A549}" = HP 3D DriveGuard
"{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard
"{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation
"{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German
"{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish
"{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai
"{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Scheda LAN wireless Broadcom 802.11
"CCleaner" = CCleaner
"ConvivaProxyIE" = Conviva LivePass
"DVDFab Ghosthunter release_is1" = DVDFab Ghosthunter release 5.3.0.5 Beta
"eMule" = eMule
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.26 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23/03/2010 17.57.34 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
 accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento.  Contesto:
 applicazione , catalogo SystemIndex 
 
Error - 23/03/2010 17.57.35 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
 accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento.  Contesto:
 applicazione , catalogo SystemIndex 
 
Error - 26/03/2010 4.21.41 | Computer Name = HP6735S | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 8.0.6001.18702,
 modulo che ha provocato l'errore imon.dll, versione 2.70.26.0, indirizzo errore
 0x0002472a.
 
Error - 26/03/2010 4.48.00 | Computer Name = HP6735S | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 8.0.6001.18702,
 modulo che ha provocato l'errore wdmaud.drv, versione 5.1.2600.5512, indirizzo 
errore 0x0000461f.
 
Error - 27/03/2010 7.43.24 | Computer Name = HP6735S | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore SearchIndexer.exe, versione
 7.0.6001.16503, modulo che ha provocato l'errore tquery.dll, versione 7.0.6001.16503,
 indirizzo errore 0x00119d38.
 
Error - 30/03/2010 17.54.05 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description = 
 
Error - 03/04/2010 20.39.33 | Computer Name = HP6735S | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 8.0.6001.18702,
 modulo che ha provocato l'errore mshtml.dll, versione 8.0.6001.18904, indirizzo
 errore 0x000da1ac.
 
Error - 05/04/2010 4.54.12 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description = 
 
Error - 05/04/2010 5.34.10 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
 accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento.  Contesto:
 applicazione , catalogo SystemIndex 
 
Error - 05/04/2010 5.34.10 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
 accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento.  Contesto:
 applicazione , catalogo SystemIndex 
 
[ System Events ]
Error - 05/04/2010 5.40.13 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Nero BackItUp Scheduler 3. Questo
 evento si è già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.13 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio NMSAccessU. Questo evento si 
è già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.14 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio PLFlash DeviceIoControl Service.
 Questo evento si è già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.14 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio hpqwmiex. Questo evento si è 
già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.14 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio NMIndexingService. Questo evento
 si è già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.14 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Servizio iPod. Questo evento 
si è già verificato 1 volta(e).
 
Error - 05/04/2010 5.40.14 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Com4QLBEx. Questo evento si è
 già verificato 1 volta(e).
 
Error - 05/04/2010 5.55.48 | Computer Name = HP6735S | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file '' 
sul volume 'HarddiskVolume1'. Il monitoraggio del volume è stato interrotto.
 
Error - 05/04/2010 5.58.27 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
 servizio Microsoft User vmx86.
 
Error - 05/04/2010 5.58.27 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7000
Description = Il servizio Microsoft User vmx86 non è stato avviato per il seguente
 errore:   %%1053
 
 
< End of report >
         


05.04.2010, 11:15   #18
sonpetitchou
 



OTL.txt

Code:
OTL logfile created on: 05/04/2010 12.03.14 - Run 1
OTL by OldTimer - Version 3.2.1.0     Folder = d:\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 35,79 Gb Free Space | 73,28% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 159,28 Gb Free Space | 86,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 980,00 Mb Total Space | 963,58 Mb Free Space | 98,32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HP6735S
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
PRC - [2010/03/09 12.24.10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/08 12.55.58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/28 02.19.10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/12 14.55.10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 20.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 17.09.56 | 001,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/28 18.07.58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
PRC - [2008/02/18 17.29.02 | 002,221,352 | ---- | M] (Nero AG) -- C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17.08.38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 17.08.08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
MOD - [2008/05/12 14.51.24 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programmi\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/13 20.13.50 | 000,124,928 | ---- | M] (CMedia) [Auto | Stopped] -- C:\WINDOWS\system32\certoko.dll -- (ipokoraid)
SRV - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2003/07/28 12.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.libero.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 34 4B AA 1B 2C CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2006/03/02 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programmi\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NBKeyScan] C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan.lnk = C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} h**p://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} h**p://h20270.w*w2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} h**p://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (aEaAfVKsX.dll) - C:\WINDOWS\System32\aEaAfVKsX.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmi\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 20.02.38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell - "" = AutoRun
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = G:\p3vwxx.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\open\Command - "" = G:\p3vwxx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/25 20.47.53 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010/04/05 11.59.49 | 000,561,664 | ---- | C] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/05 11.48.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Malwarebytes
[2010/04/05 11.47.30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/05 11.47.28 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/04/05 11.33.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2010/04/05 11.30.00 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/04/05 10.31.37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/02 18.22.11 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/02 18.22.10 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/02 18.22.09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/02 18.22.08 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/02 18.22.06 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/02 18.22.06 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/02 18.22.05 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/02 18.21.40 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/02 18.21.40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Programmi\Alwil Software
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Help
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Help
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella (2)
[2010/02/05 16.54.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2010/02/05 16.54.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2010/01/21 02.11.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/07 11.27.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2009/10/18 17.19.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/09/03 12.58.45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2008/11/25 21.36.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2008/11/25 20.06.03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2008/10/09 03.28.56 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
 
========== Files - Modified Within 14 Days ==========
 
[2010/04/05 12.02.38 | 001,139,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 12.02.38 | 000,515,260 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/04/05 12.02.38 | 000,443,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 12.02.38 | 000,093,902 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/04/05 12.02.38 | 000,072,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/05 12.01.32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED509ED3-1DD6-4C3C-8EE9-94DA0294483A}.job
[2010/04/05 11.58.34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 11.56.32 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 11.56.02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 11.55.17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 11.53.46 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\***\NTUSER.DAT
[2010/04/05 11.53.46 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\***\ntuser.ini
[2010/04/05 11.47.37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.42 | 000,000,250 | ---- | M] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.46 | 000,001,624 | ---- | M] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.38 | 000,034,544 | ---- | M] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | M] () -- d:\Desktop\CCleaner.lnk
[2010/04/05 10.54.12 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/04 03.21.15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/04 02.37.47 | 001,678,336 | ---- | M] () -- C:\WINDOWS\System32\akak1b6g1.exe
[2010/04/04 02.37.47 | 001,678,336 | ---- | M] () -- C:\WINDOWS\System32\aEaAfVKsX.dll
[2010/04/04 02.34.13 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146115119.xxe
[2010/04/04 02.34.11 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146111103.xxe
[2010/04/04 02.34.08 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\0101120101465198.xxe
[2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/03 11.33.15 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 18.22.12 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/02 18.22.07 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/30 00.46.30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00.45.52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 11.27.05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 20.45.20 | 000,058,992 | ---- | M] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | M] () -- d:\Desktop\droit du commerce international.docx
 
========== Files Created - No Company Name ==========
 
[2010/04/05 11.47.37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.41 | 000,000,250 | ---- | C] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.44 | 000,001,624 | ---- | C] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.34 | 000,034,544 | ---- | C] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | C] () -- d:\Desktop\CCleaner.lnk
[2010/04/04 02.37.57 | 001,678,336 | ---- | C] () -- C:\WINDOWS\System32\aEaAfVKsX.dll
[2010/04/04 02.37.47 | 001,678,336 | ---- | C] () -- C:\WINDOWS\System32\akak1b6g1.exe
[2010/04/04 02.34.13 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146115119.xxe
[2010/04/04 02.34.11 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146111103.xxe
[2010/04/04 02.34.08 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\0101120101465198.xxe
[2010/04/02 18.22.12 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/24 20.45.18 | 000,058,992 | ---- | C] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | C] () -- d:\Desktop\droit du commerce international.docx
[2009/09/03 12.20.49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/28 09.24.14 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/08/24 19.36.11 | 000,000,306 | -HS- | C] () -- C:\Documents and Settings\***\ntuser.ini
[2009/08/24 19.36.08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\***\NTUSER.DAT
[2009/08/24 19.36.08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\***\NtUser.dat.LOG
[2008/11/25 21.02.40 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 20.29.19 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2008/10/09 03.32.46 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/10/09 03.31.10 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/05/26 23.22.48 | 000,016,708 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23.22.46 | 000,021,662 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23.22.44 | 000,016,338 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/12 14.51.50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/05/19 18.39.58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/04/04 00.30.00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2005/02/17 12.41.32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12.41.30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/05/09 14.11.32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12.31.44 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/27 14.13.54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/04/01 03.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/17 14.20.02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1998/05/07 05.10.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
 
========== LOP Check ==========
 
[2010/04/02 18.21.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2008/11/25 20.51.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE
[2009/12/28 21.56.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/01 11.55.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Conviva
[2009/10/31 15.55.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Windows Search
[2010/04/05 12.01.32 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ED509ED3-1DD6-4C3C-8EE9-94DA0294483A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006/03/02 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 20.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 20.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12.36.40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12.36.40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: AHCIX86.SYS  >
[2008/05/27 20.55.48 | 000,174,600 | R--- | M] (AMD Technologies Inc.) MD5=15DA079FF09BE5FA6602041EE286DE80 -- C:\WINDOWS\system32\drivers\ahcix86.sys
[2007/10/26 19.25.14 | 000,164,352 | ---- | M] (AMD Technologies Inc.) MD5=746C6E7AE2C6449F3CF3CF0D5E3A9222 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\ahcix86.sys
 
< MD5 for: ATAPI.SYS  >
[2006/03/02 13.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 20.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 20.25.00 | 020,098,818 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12.40.32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12.40.32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 13.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 20.13.40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20.13.40 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2006/03/02 13.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2006/03/02 13.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 20.13.48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20.13.48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 20.13.50 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20.13.50 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2006/03/02 13.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008/05/16 00.19.52 | 000,372,736 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/11/25 20.52.33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/11/25 20.52.32 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/11/25 20.52.32 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
         

05.04.2010, 11:16   #19
sonpetitchou

OK, thanks a lot already

Here we go!

Malwarebytes report:


Code:
Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/04/2010 11.53.21
mbam-log-2010-04-05 (11-53-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 104303
Laufzeit: 4 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\WINDOWS\bill106.exe (Worm.Koobface) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bill106.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
         

05.04.2010, 12:50   #20
Larusso
/// Selecta Jahrusso

Please no code tags, I don't like them.

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O20 - AppInit_DLLs: (aEaAfVKsX.dll) - C:\WINDOWS\System32\aEaAfVKsX.dll ()
[2010/04/04 02.34.13 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146115119.xxe     
[2010/04/04 02.34.11 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146111103.xxe     
[2010/04/04 02.34.08 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\0101120101465198.xxe

:Commands
[purity]
[emptytemp]
         
Please edit the ***
  • Now please close all programs.
  • Now please click the Run Fix button.
  • Click on .
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread


Step 2

Rootkit scan

What are rootkits?

A few scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
  • all other scanners for viruses, spyware, etc. should be disabled,
  • there should be no connection to a network/the Internet (don't forget WLAN),
  • nothing should be done on the computer,
  • the computer should be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Don't do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. Click "Ok" to exit GMER.
  • Paste the log from the clipboard into your reply here.
Switch your antivirus program and other scanners back on before you go online!


Step 3

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
Gmer.txt
OTL.txt

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

05.04.2010, 13:05   #21
sonpetitchou

OK, thanks a lot, I'll get on it.

Should I then just post the results as they are? I thought it said somewhere that you're supposed to put them in the code tags here.

05.04.2010, 14:21   #22
sonpetitchou

OTL.txt


OTL logfile created on: 05/04/2010 15.15.29 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = d:\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 35,81 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 159,27 Gb Free Space | 86,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP6735S
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
PRC - [2010/03/09 12.24.10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/08 12.55.58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/28 02.19.10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/12 14.55.10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 20.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 17.09.56 | 001,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/28 18.07.58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
PRC - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17.08.38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 17.08.08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
MOD - [2008/05/12 14.51.24 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programmi\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/04/13 20.13.50 | 000,124,928 | ---- | M] (CMedia) [Auto | Running] -- C:\WINDOWS\system32\certoko.dll -- (ipokoraid)
SRV - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2003/07/28 12.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.libero.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 34 4B AA 1B 2C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/03/02 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programmi\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NBKeyScan] C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan.lnk = C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} h**p://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} h**p://h20270.w*w2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} h**p://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmi\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 20.02.38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell - "" = AutoRun
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = G:\p3vwxx.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\open\Command - "" = G:\p3vwxx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/04/05 14.09.31 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Program Files
[2010/04/05 11.59.49 | 000,561,664 | ---- | C] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/05 11.48.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Malwarebytes
[2010/04/05 11.47.30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/05 11.47.28 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/04/05 11.33.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2010/04/05 11.30.00 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/04/05 10.31.37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/02 18.22.11 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/02 18.22.10 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/02 18.22.09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/02 18.22.08 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/02 18.22.06 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/02 18.22.06 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/02 18.22.05 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/02 18.21.40 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/02 18.21.40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Programmi\Alwil Software
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Help
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Help
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella (2)
[2010/02/05 16.54.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2010/02/05 16.54.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2010/01/21 02.11.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/07 11.27.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2009/10/18 17.19.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/09/03 12.58.45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2008/11/25 21.36.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2008/11/25 20.06.03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2008/10/09 03.28.56 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

========== Files - Modified Within 14 Days ==========

[2010/04/05 15.15.01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED509ED3-1DD6-4C3C-8EE9-94DA0294483A}.job
[2010/04/05 15.14.22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 15.13.51 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 15.13.49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 15.13.42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 15.12.34 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\***\NTUSER.DAT
[2010/04/05 15.12.34 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\***\ntuser.ini
[2010/04/05 15.12.32 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/04/05 14.54.05 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/05 14.17.20 | 001,139,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 14.17.20 | 000,515,260 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/04/05 14.17.20 | 000,443,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 14.17.20 | 000,093,902 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/04/05 14.17.20 | 000,072,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/05 14.08.08 | 000,293,376 | ---- | M] () -- d:\Desktop\h7bexb7w.exe
[2010/04/05 11.47.37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.42 | 000,000,250 | ---- | M] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.46 | 000,001,624 | ---- | M] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.38 | 000,034,544 | ---- | M] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | M] () -- d:\Desktop\CCleaner.lnk
[2010/04/04 03.21.15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/04 02.37.47 | 001,678,336 | ---- | M] () -- C:\WINDOWS\System32\akak1b6g1.exe
[2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/03 11.33.15 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 18.22.12 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/02 18.22.07 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/30 00.46.30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00.45.52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 11.27.05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 20.45.20 | 000,058,992 | ---- | M] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | M] () -- d:\Desktop\droit du commerce international.docx

========== Files Created - No Company Name ==========

[2010/04/05 14.09.50 | 000,293,376 | ---- | C] () -- d:\Desktop\h7bexb7w.exe
[2010/04/05 11.47.37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.41 | 000,000,250 | ---- | C] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.44 | 000,001,624 | ---- | C] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.34 | 000,034,544 | ---- | C] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | C] () -- d:\Desktop\CCleaner.lnk
[2010/04/04 02.37.47 | 001,678,336 | ---- | C] () -- C:\WINDOWS\System32\akak1b6g1.exe
[2010/04/02 18.22.12 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/24 20.45.18 | 000,058,992 | ---- | C] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | C] () -- d:\Desktop\droit du commerce international.docx
[2009/09/03 12.20.49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/28 09.24.14 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/08/24 19.36.11 | 000,000,306 | -HS- | C] () -- C:\Documents and Settings\***\ntuser.ini
[2009/08/24 19.36.08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\***\NTUSER.DAT
[2009/08/24 19.36.08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\***\NtUser.dat.LOG
[2008/11/25 21.02.40 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 20.29.19 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2008/10/09 03.32.46 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/10/09 03.31.10 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/05/26 23.22.48 | 000,016,708 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23.22.46 | 000,021,662 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23.22.44 | 000,016,338 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/12 14.51.50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/05/19 18.39.58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/04/04 00.30.00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2005/02/17 12.41.32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12.41.30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/05/09 14.11.32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12.31.44 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/27 14.13.54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/04/01 03.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/17 14.20.02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1998/05/07 05.10.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

========== LOP Check ==========

[2010/04/02 18.21.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2008/11/25 20.51.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE
[2009/12/28 21.56.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/01 11.55.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Conviva
[2009/10/31 15.55.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Windows Search
[2010/04/05 15.15.01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{ED509ED3-1DD6-4C3C-8EE9-94DA0294483A}.job

========== Purity Check ==========


< End of report >

05.04.2010, 14:22   #23
sonpetitchou

Gmer Log


GMER 1.0.15.15281 - h**p://w*w.gmer.net
Rootkit scan 2010-04-05 15:03:14
Windows 5.1.2600 Service Pack 3
Running: h7bexb7w.exe; Driver: C:\DOCUME~1\***\IMPOST~1\Temp\fwrdipod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x93568C56]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x93568B12]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0x935690C6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x93568FF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x935686E8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x93568BEC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x93568628]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9356868C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x93568D0C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0x93569194]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x93568CCC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x93568E4C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x935754FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x93575322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x9357545C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes CALL 16E39C07
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 93575460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP 93575326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP 935714BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP 93572972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP 93575502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xA9CEC000, 0x18A386, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2088] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[748] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----

05.04.2010, 14:23   #24
sonpetitchou

OK, here is the rest

1. OTL Log


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:aEaAfVKsX.dll deleted successfully.
C:\WINDOWS\system32\aEaAfVKsX.dll moved successfully.
C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146115119.xxe moved successfully.
C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\010112010146111103.xxe moved successfully.
C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\0101120101465198.xxe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5276161 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5,00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04052010_140301

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

05.04.2010, 14:39   #25
Larusso
/// Selecta Jahrusso

Please delete the following file manually

C:\windows\system32\akak1b6g1.exe

If that doesn't work, please let me know.


Step 2

Update Malwarebytes --> run a Quick Scan.
Please post the log file for me


Step 3
Please switch on any external hard drives you may have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like) and do not forget to switch everything back on afterwards.
  • Note for Vista users: Be sure to start the browser as administrator.
  • Please turn off/deactivate all background guards during the scan.
  • Java must be installed, active and allowed.
  • Illustrated guide by sundavis.
  • This scanner does not remove the findings, but it gives a good overview.
  • We will help you remove the findings from the system manually.
  • Accept the privacy statement.
  • Let the program install.
  • Let the signature update install.
  • When the status is "Complete",
  • leave the scan settings (Settings) at default
  • Click the "My Computer" link on the left.
  • The scan starts automatically.
  • When the scan is finished, click "View scan report",
  • "Save report as" and change the file type to .txt,
  • and save it on the desktop as Kaspersky.txt.
  • Post the log file here.
  • Uninstalling is not necessary; all files are stored in temporary folders.


Step 4

Start OTL --> In the Extra Registry section, please select Use safe list and click Run Scan


Please post in your next reply
Log from MBAM
Log from Eset
OTL.txt
Extras.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

05.04.2010, 15:25   #26
sonpetitchou

OK, the file wasn't even shown to me as a hidden file.

I have now (hopefully) deleted it via DOS.

Can I verify that?


Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
ww*.malwarebytes.org

Datenbank Version: 3956

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/04/2010 16.35.22
mbam-log-2010-04-05 (16-35-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 105421
Laufzeit: 3 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\WINDOWS\system32\certoko.dll (Trojan.Proxy) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ipokoraid (Trojan.Proxy) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\WINDOWS\system32\certoko.dll (Trojan.Proxy) -> Delete on reboot.

Edited by sonpetitchou (05.04.2010 at 15:37)

05.04.2010, 17:46   #27
sonpetitchou

Kaspersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, April 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, April 05, 2010 10:40:46
Records in database: 3914156
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 55224
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:05:22

No threats found. Scanned area is clean.

Selected area has been scanned.

05.04.2010, 17:48   #28
sonpetitchou

Extras.txt

OTL Extras logfile created on: 05/04/2010 18.35.04 - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = d:\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 35,46 Gb Free Space | 72,62% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 159,27 Gb Free Space | 86,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP6735S
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1
"AntiSpywareOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc]
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc]
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc]
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc]
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Svc\Svc\Svc\Svc\Svc]
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8085:TCP" = 8085:TCP:*:Enabled:LitvinenKO

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian
"{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish
"{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish
"{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish
"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean
"{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish
"{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese
"{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek
"{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese
"{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall
"{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional
"{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian
"{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian
"{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional
"{90110410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish
"{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1040-7B44-A91000000001}" = Adobe Reader 9.1.3 - Italiano
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch
"{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English
"{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish
"{BE282C23-5484-47FF-B2C1-EBEA5C891040}" = Nero 8 Ultra Edition HD
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch
"{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static
"{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian
"{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX 2.2.3
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard
"{E4EF3303-7E22-44E5-82EB-48589B06A549}" = HP 3D DriveGuard
"{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard
"{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation
"{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German
"{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish
"{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai
"{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Scheda LAN wireless Broadcom 802.11
"CCleaner" = CCleaner
"ConvivaProxyIE" = Conviva LivePass
"DVDFab Ghosthunter release_is1" = DVDFab Ghosthunter release 5.3.0.5 Beta
"eMule" = eMule
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.26 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Video Compass" = Veoh Video Compass
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VideoLAN VLC media player 0.8.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/04/2010 20.39.33 | Computer Name = HP6735S | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 8.0.6001.18702,
modulo che ha provocato l'errore mshtml.dll, versione 8.0.6001.18904, indirizzo
errore 0x000da1ac.

Error - 05/04/2010 4.54.12 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description =

Error - 05/04/2010 5.34.10 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento. Contesto:
applicazione , catalogo SystemIndex

Error - 05/04/2010 5.34.10 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento. Contesto:
applicazione , catalogo SystemIndex

Error - 05/04/2010 6.54.10 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description =

Error - 05/04/2010 7.54.09 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description =

Error - 05/04/2010 8.54.05 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description =

Error - 05/04/2010 9.54.05 | Computer Name = HP6735S | Source = Google Update | ID = 20
Description =

Error - 05/04/2010 10.28.49 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento. Contesto:
applicazione , catalogo SystemIndex

Error - 05/04/2010 10.28.49 | Computer Name = HP6735S | Source = Windows Search Service | ID = 3024
Description = Impossibile avviare l'aggiornamento. Le origini di contenuto non sono
accessibili. Correggere gli errori e riprovare a eseguire l'aggiornamento. Contesto:
applicazione , catalogo SystemIndex

[ System Events ]
Error - 05/04/2010 8.03.02 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio PLFlash DeviceIoControl Service.
Questo evento si è già verificato 1 volta(e).

Error - 05/04/2010 8.03.02 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio NMIndexingService. Questo evento
si è già verificato 1 volta(e).

Error - 05/04/2010 8.03.02 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Servizio iPod. Questo evento
si è già verificato 1 volta(e).

Error - 05/04/2010 8.03.02 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio hpqwmiex. Questo evento si è
già verificato 1 volta(e).

Error - 05/04/2010 8.03.02 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Com4QLBEx. Questo evento si è
già verificato 1 volta(e).

Error - 05/04/2010 9.09.07 | Computer Name = HP6735S | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
dal servizio WSearch.

Error - 05/04/2010 9.12.23 | Computer Name = HP6735S | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio netman con gli argomenti "" per eseguire il server {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 05/04/2010 9.12.29 | Computer Name = HP6735S | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/04/2010 9.12.33 | Computer Name = HP6735S | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/04/2010 10.37.40 | Computer Name = HP6735S | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file ''
sul volume 'HarddiskVolume1'. Il monitoraggio del volume è stato interrotto.


< End of report >

05.04.2010, 17:50   #29
sonpetitchou

There we go, all done

The PC itself runs stably and quietly. Windows takes a little while, but that's probably due to the somewhat cluttered autostart (Skype, Messenger, ...). Otherwise - compared with how it was before, namely the fan running constantly - everything is fine


OTL.txt

OTL logfile created on: 05/04/2010 18.35.04 - Run 3
OTL by OldTimer - Version 3.2.1.0 Folder = d:\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 48,83 Gb Total Space | 35,46 Gb Free Space | 72,62% Space Free | Partition Type: NTFS
Drive D: | 184,05 Gb Total Space | 159,27 Gb Free Space | 86,54% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP6735S
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
PRC - [2010/03/09 12.24.10 | 002,769,336 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/18 11.43.18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2009/09/08 12.55.58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/28 02.19.10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () -- C:\Programmi\CDBurnerXP\NMSAccessU.exe
PRC - [2008/06/09 09.10.04 | 000,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
PRC - [2008/05/12 14.55.10 | 000,576,104 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/13 20.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 17.09.56 | 001,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Programmi\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/28 18.07.58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
PRC - [2008/02/18 17.29.02 | 002,221,352 | ---- | M] (Nero AG) -- C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
PRC - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17.08.38 | 000,095,024 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 17.08.08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\DESKTOP\OTL.exe
MOD - [2008/05/12 14.51.24 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 12.24.08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Programmi\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/28 20.42.54 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/20 21.18.26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programmi\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/03/18 17.27.12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/28 18.07.48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/05/15 17.08.40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Programmi\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2003/07/28 12.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 15.25.00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2010/03/09 12.12.54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 12.12.33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 12.09.08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 12.08.41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 12.08.30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 12.08.15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/03/27 06.48.22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/11/25 20.30.58 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/21 21.53.40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/05/27 20.55.48 | 000,174,600 | R--- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2008/05/23 14.51.02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 14.50.16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/05/16 02.33.44 | 002,881,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/05/14 08.08.16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/14 08.08.14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/05/14 08.08.14 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/05/14 08.08.14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/14 08.08.14 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/04/28 16.22.10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 20.13.50 | 000,032,768 | ---- | M] (DeviceLock, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ndisoko.sys -- (dmoko)
DRV - [2008/04/13 12.56.08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 10.36.06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/11 18.19.42 | 000,338,944 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/04 10.57.00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/28 12.14.02 | 000,024,064 | R--- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/27 20.14.06 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/12 22.43.26 | 000,015,416 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
DRV - [2007/06/21 05.40.02 | 000,056,448 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2007/06/18 18.12.04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/16 17.46.34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/03/02 13.00.00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2006/03/02 13.00.00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.libero.it/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://it.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 34 4B AA 1B 2C CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/04/05 16.53.16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/04/05 16.53.06 | 000,000,000 | ---D | M]

[2010/04/05 16.53.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Mozilla\Extensions
[2010/04/05 16.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Mozilla\Firefox\Profiles\qljzxbrd.default\extensions
[2010/04/05 16.53.39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\***\Dati applicazioni\Mozilla\Firefox\Profiles\qljzxbrd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/05 16.53.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\***\Dati applicazioni\Mozilla\Firefox\Profiles\qljzxbrd.default\extensions\staged-xpis
[2010/04/05 16.53.07 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/04/01 19.17.18 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/04/01 19.17.18 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/04/01 19.17.18 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/04/01 19.17.18 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2006/03/02 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Programmi\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] C:\Programmi\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avast5] C:\Programmi\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NBKeyScan] C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan.lnk = C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Invia a Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} h**p://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} h**p://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} h**p://h20270.w*w2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} h**p://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} h**://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} h**p://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**p\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\h**ps\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll - C:\Programmi\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programmi\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 20.02.38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell - "" = AutoRun
O33 - MountPoints2\{9b536f14-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\AutoRun\command - "" = G:\p3vwxx.exe -- File not found
O33 - MountPoints2\{9b536f15-dd11-11de-afe3-00247e4986fd}\Shell\open\Command - "" = G:\p3vwxx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/05 16.53.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Mozilla
[2010/04/05 16.53.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Mozilla
[2010/04/05 16.53.05 | 000,000,000 | ---D | C] -- C:\Programmi\Mozilla Firefox
[2010/04/05 16.46.36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Sun
[2010/04/05 16.46.35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/05 16.46.35 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
[2010/04/05 16.46.14 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 16.46.14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 16.46.14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 16.46.14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 16.46.14 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 16.45.57 | 000,000,000 | ---D | C] -- C:\Programmi\Java
[2010/04/05 16.44.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Sun
[2010/04/05 14.09.31 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Program Files
[2010/04/05 11.59.49 | 000,561,664 | ---- | C] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/05 11.48.01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Malwarebytes
[2010/04/05 11.47.30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/05 11.47.28 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/04/05 11.47.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/04/05 11.33.40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\***\Recent
[2010/04/05 11.30.00 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/04/05 10.31.37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/02 18.22.11 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/02 18.22.10 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/02 18.22.09 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/02 18.22.08 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/02 18.22.06 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/02 18.22.06 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/02 18.22.05 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/02 18.21.40 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/02 18.21.40 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Programmi\Alwil Software
[2010/04/02 18.21.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\Help
[2010/03/27 13.58.04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Dati applicazioni\Help
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella
[2010/03/27 13.57.35 | 000,000,000 | ---D | C] -- D:\DOCUMENTI\Nuova cartella (2)
[2010/03/15 14.59.06 | 000,000,000 | ---D | C] -- C:\Programmi\Veoh Networks
[2010/03/11 17.57.01 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 13.36.21 | 000,000,000 | ---D | C] -- d:\Desktop\économie régionale et géographique
[2010/03/09 13.33.44 | 000,000,000 | ---D | C] -- d:\Desktop\commence international
[2010/02/05 16.54.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Google
[2010/02/05 16.54.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Google
[2010/01/21 02.11.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/01/07 11.27.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[2009/10/18 17.19.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
[2009/09/03 12.58.45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2008/11/25 21.36.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2008/11/25 20.06.03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2008/10/09 03.28.56 | 000,195,120 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/04/05 17.54.01 | 000,001,128 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/05 16.54.00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/05 16.53.18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 16.53.11 | 000,001,572 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/05 16.48.33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/05 16.48.10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/05 16.48.03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 16.46.55 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\***\NTUSER.DAT
[2010/04/05 16.46.55 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\***\ntuser.ini
[2010/04/05 16.46.47 | 003,776,856 | -H-- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/04/05 16.46.01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/05 16.46.01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/05 16.46.01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/05 16.46.01 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/05 16.46.00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/05 16.42.11 | 001,139,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/05 16.42.11 | 000,515,260 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/04/05 16.42.11 | 000,443,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/05 16.42.11 | 000,093,902 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/04/05 16.42.11 | 000,072,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/05 16.16.01 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{ED509ED3-1DD6-4C3C-8EE9-94DA0294483A}.job
[2010/04/05 14.08.08 | 000,293,376 | ---- | M] () -- d:\Desktop\h7bexb7w.exe
[2010/04/05 11.47.37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.42 | 000,000,250 | ---- | M] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.46 | 000,001,624 | ---- | M] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.38 | 000,034,544 | ---- | M] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | M] () -- d:\Desktop\CCleaner.lnk
[2010/04/04 03.21.15 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 17.01.42 | 000,561,664 | ---- | M] (OldTimer Tools) -- d:\Desktop\OTL.exe
[2010/04/03 11.33.15 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/02 18.22.12 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/02 18.22.07 | 000,002,934 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/30 00.46.30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00.45.52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 11.27.05 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/24 20.45.20 | 000,058,992 | ---- | M] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | M] () -- d:\Desktop\droit du commerce international.docx
[2010/03/21 20.08.34 | 002,227,968 | ---- | M] () -- d:\Desktop\Plan général 2009.pdf
[2010/03/21 12.02.28 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/15 14.59.10 | 000,001,170 | ---- | M] () -- d:\Desktop\Veoh.com.lnk
[2010/03/12 02.04.06 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/11 19.30.14 | 000,063,933 | ---- | M] () -- d:\Desktop\Droit du ...pdf
[2010/03/09 15.45.22 | 010,575,024 | ---- | M] () -- d:\Desktop\VeohWebPlayerSetup_eng.exe
[2010/03/09 12.24.23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/09 12.24.05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/09 12.12.54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/09 12.12.33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/09 12.09.08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/09 12.08.41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/09 12.08.38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/09 12.08.30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/09 12.08.15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2010/04/05 16.53.18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 16.53.11 | 000,001,572 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/04/05 14.09.50 | 000,293,376 | ---- | C] () -- d:\Desktop\h7bexb7w.exe
[2010/04/05 11.47.37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/05 11.38.41 | 000,000,250 | ---- | C] () -- d:\Desktop\cc_20100405_113839.reg
[2010/04/05 11.36.44 | 000,001,624 | ---- | C] () -- d:\Desktop\cc_20100405_113642.reg
[2010/04/05 11.35.34 | 000,034,544 | ---- | C] () -- d:\Desktop\cc_20100405_113530.reg
[2010/04/05 11.30.01 | 000,001,436 | ---- | C] () -- d:\Desktop\CCleaner.lnk
[2010/04/02 18.22.12 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/03/24 20.45.18 | 000,058,992 | ---- | C] () -- d:\Desktop\droit du commerce international[1].docx
[2010/03/24 20.43.08 | 000,065,136 | ---- | C] () -- d:\Desktop\droit du commerce international.docx
[2010/03/21 20.08.29 | 002,227,968 | ---- | C] () -- d:\Desktop\Plan général 2009.pdf
[2010/03/15 14.59.10 | 000,001,170 | ---- | C] () -- d:\Desktop\Veoh.com.lnk
[2010/03/11 23.42.18 | 000,063,933 | ---- | C] () -- d:\Desktop\Droit du ...pdf
[2010/03/09 15.45.19 | 010,575,024 | ---- | C] () -- d:\Desktop\VeohWebPlayerSetup_eng.exe
[2009/09/03 12.20.49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/28 09.24.14 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\QSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\DSwitch.txt
[2009/08/24 19.36.44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\***\Impostazioni locali\Dati applicazioni\AtStart.txt
[2009/08/24 19.36.11 | 000,000,306 | -HS- | C] () -- C:\Documents and Settings\***\ntuser.ini
[2009/08/24 19.36.08 | 003,670,016 | -H-- | C] () -- C:\Documents and Settings\***\NTUSER.DAT
[2009/08/24 19.36.08 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\***\NtUser.dat.LOG
[2008/11/25 21.02.40 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 20.29.19 | 000,000,571 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2008/10/09 03.32.46 | 001,810,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/10/09 03.31.10 | 000,034,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/05/26 23.22.48 | 000,016,708 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23.22.46 | 000,021,662 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23.22.44 | 000,016,338 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/12 14.51.50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2006/05/19 18.39.58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005/04/04 00.30.00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2005/02/17 12.41.32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12.41.30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/05/09 14.11.32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/05/09 12.31.44 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/27 14.13.54 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2003/04/01 03.49.16 | 000,005,360 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/17 14.20.02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1998/05/07 05.10.00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
< End of report >

05.04.2010, 18:17   #30
Larusso
/// Selecta Jahrusso
 

Looks good.

One more question.

Does LitvinenKO mean anything to you?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
