Malware, Viren, Troianer?

[idila]

Hallo und danke, das es euch gibt!
In den letzten Tagen gehe ich gerade mein Laptop durch, mein Start ging zu lange, ansonsten hatte alles eigentlich PERFEKT funktioniert. Habe vor 2 Tagen mein Startup-Menü durchgearbeitet und Unwichtiges rausgenommen (mit Hilfe BleepingComputer.com -> Startup Programs Database), alles hat danach weiterhin PERFEKT funktioniert. Ansonsten habe ich Windows-Firewall und AVG aktiv, ebenso benutze ich Ad-Aware von Lavasaoft und ab und zu den CCleaner fürs Register, außerdem habe ich 'nen Telecom-Router fürs Wireless, aber das seht ihr ja in den einzelnen Logs.

Gestern kam, während ich auf Facebook war und jemand mich anchattete, ein Ad-Aware Alert vom Ad-Watch-Live, dass qttask (Apple Quick Time) im Register was ändern will; ich hatte qttask.exe aus dem Startmenü genommen, könnte also eventuell damit zusammenhängen, keine Ahnung, bevor ich jedoch entscheiden konnte, ob ich "diesen Prozess blockieren oder zulassen" will, war der Alert schon wieder weggeblendet. Zeitgleich blockierte sich alles, nichts ging mehr, Sanduhr ständig am Drehen, mußte 2x Explorer terminieren, sowas kenne ich seit Jahren nicht mehr. Heute gegoogelt: es gibt qttask-Troianer. Daher meine Bitte, ob jemand mal checken kann, ob da Malware am Arbeiten ist.

Habe nun Hijack, Gmer, Risit, Defogger laufen lassen und poste di Logs.

P.S. Konnte Ad-Aware (gratis Version) und AVG nicht abschalten, viel gegoogelt wie das geht, aber die scheinen ja nur durch Deinstallation stoppbar zu sein, also bei all den Logs waren AVG und Ad-Aware aktiviert, nur die Windows Firewall konnte ich abstellen.

P.S. Nachdem ich alle Log-Tools runtergeladen und auch habe laufen lassen, hat mein Compi angefangen zu spinnen. Mußte ihn 2x manuell runterfahren und neustarten, ist das normal?

Hier nun die Logs, Danke für jede Hilfe und eure Aufmerksamkeit!


GMER

HTML-Code:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-18 11:51:15
Windows 5.1.2600 Service Pack 3
Running: w4gik6cp.exe; Driver: C:\DOCUME~1\AH~1\IMPOST~1\Temp\pxtdipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\Tcpip \Device\Udp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\Tcpip \Device\RawIp              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp              Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Defogger

HTML-Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:18 on 18/08/2010 (AH)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Rsit

HTML-Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by MeinName at 2010-08-18 13:06:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (64%) free of 95 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13.06.04, on 18/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\MeinName\Desktop\RSIT.exe
C:\Programmi\trend micro\MeinName.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6424 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-18 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Programmi\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2010-06-11 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-10 15691264]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-04 266240]
"QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2010-03-17 421888]
"IntelWireless"=C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}]
C:\Programmi\BRAVIS\Galaxee 4free\bravis.exe --autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Programmi\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\qttask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-05-12 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [2005-12-17 761945]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
C:\WINDOWS\system32\TDispVol.exe [2005-09-16 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
TFncKy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2009-12-18 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\system32\WDBtnMgr.exe [2010-06-22 364544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MeinName^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office OneNote 2003 Quick Launch.lnk]
C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\FILECO~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-04-29 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WD Backup Monitor.lnk]
C:\PROGRA~1\MYBOOK~1\WDBACK~1\UBBMON~1.EXE [2006-09-07 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-12-21 48128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-07-16 12536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programmi\AVG\AVG9\avgemc.exe"="C:\Programmi\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programmi\AVG\AVG9\avgupd.exe"="C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programmi\AVG\AVG9\avgnsx.exe"="C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Documents and Settings\MeinName\Desktop\PDF_Creator_Setup.exe"="C:\Documents and Settings\MeinName\Desktop\PDF_Creator_Setup.exe:*:Enabled:PDF Creator"
"C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-08-18 11:39:48 ----D---- C:\Documents and Settings\MeinName\Dati applicazioni\AVG9
2010-08-18 10:59:08 ----A---- C:\WINDOWS\system32\tasklist.exe
2010-08-18 09:17:46 ----D---- C:\rsit
2010-08-18 09:17:46 ----D---- C:\Programmi\trend micro
2010-08-16 16:36:30 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-08-16 16:22:15 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-08-16 16:22:13 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
2010-08-16 16:18:53 ----HDC---- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-16 16:18:22 ----D---- C:\Programmi\Lavasoft
2010-08-16 16:18:22 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft

======List of files/folders modified in the last 1 months======

2010-08-18 12:45:49 ----D---- C:\WINDOWS\Prefetch
2010-08-18 12:24:36 ----D---- C:\WINDOWS\network diagnostic
2010-08-18 12:01:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-18 12:00:10 ----D---- C:\WINDOWS\Temp
2010-08-18 11:59:02 ----D---- C:\WINDOWS\system32\Lang
2010-08-18 11:53:52 ----RASH---- C:\boot.ini
2010-08-18 11:53:52 ----A---- C:\WINDOWS\win.ini
2010-08-18 11:53:43 ----A---- C:\WINDOWS\system.ini
2010-08-18 11:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-18 10:59:08 ----D---- C:\WINDOWS\system32
2010-08-18 09:32:09 ----D---- C:\Programmi\CCleaner
2010-08-18 09:29:08 ----RD---- C:\Programmi
2010-08-18 09:28:34 ----D---- C:\WINDOWS\system32\drivers\Avg
2010-08-18 09:20:21 ----D---- C:\Programmi\DFM2HTML
2010-08-18 09:07:38 ----D---- C:\ce49501e2164987ae4f3820e0ca53d
2010-08-16 16:24:04 ----D---- C:\WINDOWS
2010-08-16 16:22:20 ----D---- C:\WINDOWS\system32\drivers
2010-08-16 16:22:19 ----HD---- C:\WINDOWS\inf
2010-08-16 16:22:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-16 16:18:53 ----SHD---- C:\WINDOWS\Installer
2010-08-16 16:18:16 ----D---- C:\WINDOWS\WinSxS
2010-08-16 12:45:43 ----D---- C:\Documents and Settings\MeinName\Dati applicazioni\Adobe
2010-08-14 00:55:26 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2010-08-12 08:53:46 ----RSD---- C:\WINDOWS\assembly
2010-08-12 08:50:37 ----D---- C:\WINDOWS\Microsoft.NET
2010-08-11 23:50:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-11 23:50:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-11 23:49:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 23:45:37 ----D---- C:\Programmi\Internet Explorer
2010-08-11 23:42:58 ----D---- C:\WINDOWS\Debug
2010-08-11 23:42:41 ----D---- C:\Programmi\Movie Maker
2010-08-11 17:53:57 ----D---- C:\VALUEADD
2010-08-06 10:23:10 ----D---- C:\Programmi\PeerBlock
2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
2010-07-27 08:29:44 ----A---- C:\WINDOWS\system32\shell32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
R0 ohci1394;Controller host Texas Instruments IEEE 1394 compatibile OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-16 243024]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Driver processore Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-17 21275]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;Trasporto WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-21 1419264]
R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-10 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-17 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-11 163328]
S3 hexmagic;hexmagic; \??\C:\WINDOWS\system32\drivers\hexmagic.sys []
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 pbfilter;pbfilter; \??\C:\Programmi\PeerBlock\pbfilter.sys []
S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-21 405504]
R2 avg9emc;AVG Free E-mail Scanner; C:\Programmi\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Programmi\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
R2 CFSvcs;ConfigFree Service; C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programmi\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [2010-08-16 1355416]
R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 TAPPSRV;TOSHIBA Application Service; C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S3 aspnet_state;Servizio stato di ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Servizio di condivisione porte Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Hijack

HTML-Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.13.01, on 18/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\AH\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6123 bytes

[kira]

Herzlich Willkommen hier bei uns am HijackThis Supportboard!

**Bevor du mit Teil 1. der Aufgabe beginnst: HIER KLICKEN UND SORGFÄLTIG DURCHLESEN!**
Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst

ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!

Bitte lese Dir zuerst in Ruhe die Anweisungen durch und Du sollst dabei die Reihenfolge einhalten! Ansonsten verlangsamt unsere Arbeit, wenn wir immer wieder noch an Kleinigkeiten nachschlagen müssen und dadurch eventuell die Übersicht verloren geht...

P.S. Nachdem ich alle Log-Tools runtergeladen und auch habe laufen lassen, hat mein Compi angefangen zu spinnen. Mußte ihn 2x manuell runterfahren und neustarten, ist das normal?

► Seitdem Vorfall "streikt" dein PC noch, oder so etwas nicht mehr vorgekommen?
Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen und gleich ein spezielles Entfernungsprogramm einsetzen dazu:

1.
Dienst beenden:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

Code:

Lavasoft Ad-Aware Service - Lavasoft

2.
Lade Malwarebytes Anti-Malware (ca. 2 MB) von einem dieser Downloadspiegel herunter:

Malwarebytes - MajorGeeks.com - BestTechie

• Anwendbar auf Windows 2000, XP, Vista und Windows 7.
• Installiere das Programm in den vorgegebenen Pfad.
• Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
• Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
• Aktiviere "Komplett Scan durchführen" => Scan.
• Wähle alle verfügbaren Laufwerke aus und starte den Scan.
• Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
• Bei Funden in C:\System Volume Information den Haken entfernen.
  Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
  Er könnte jedoch trotz Malware noch gebraucht werden.
  
• Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Löschen".
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
• Berichte, wie der Rechner nun läuft.

Hier findest Du eine ausführliche und bebilderte Anleitung

3.
Zunächst bitte folgende Einstellungen vornehmen: System-Dateien und -Ordner unter XP, Vista und Win7 sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

4.
poste erneut:
► Trend Micro HijackThis-Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

5.
"Dateiliste mit HJTscanlist.bat erstellen"
Lade dir HJTscanlist.zip. -(Punkt 6) herunter ( den angegebenen Link anklicken ► Punkt 6. aussuchen ► Anweisungen folgen) anschließend das erhaltene Logfile hier posten.

6.

• Download den CCleaner
• Software-Lizenzvereinbarung lesen, falls angeboten wird ("Füge CCleaner Yahoo! Toolbar hinzu" - abwählen!)-> starten -> Falls nötig, unter Options settings -> "german" einstellen.
• starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
• ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Bitte alle Ergebnisse im Code-Tags posten!

vor dein Logfile (Textergebnis) schreibst du:[code]
hier kommt dein Logfile rein
dahinter:[/code]

gruß
argos

[idila]

Hallo Argos, vielen Dank für deine Antwort und Mühen!

Zitat von idila: P.S. Nachdem ich alle Log-Tools runtergeladen und auch habe laufen lassen, hat mein Compi angefangen zu spinnen. Mußte ihn 2x manuell runterfahren und neustarten, ist das normal?
Zitat von argos: Seitdem Vorfall "streikt" dein PC noch, oder so etwas nicht mehr vorgekommen?

Es ist nicht mehr vorgekommen. Allerdings was neues Komisches, ich konnte plötzlich nicht mehr auf meinen Dokumentenordner zugreifen: ich hätte keine Rechte dazu. Sowas ist mir noch nie in meinem 10 jährigen "Computerleben" passiert. Ohne ersichtlichen Grund, ich hatte nichts geändert, habe da auch kein Passwort, habe ihn vorher stundenlang problemlos öffnen können und es gibt nur mich als User. Habe den Compi neugestartet und es geht seitdem wieder. Es war heute etwa zwischen 19.00 - 19.30 Uhr passiert, falls es von der Ursache Spuren in den Logs geben sollte.


Bevor ich meine Logs poste, eine Sache, die mir aufgefallen ist und die kein Antivirenprogramm entdeckt, aber offenbar nicht in Ordnung ist: in C: ist ein Recycler S-1-5-21-2767231553-2537787753-3555782994-1006 (verborgener Ordner), den hatte ich schon mal kompliziert entfernt, nun ist er wieder da. Was ist das?


Nun die Logs
1. Habe Lavasoft und AVG-Dienst über Services.msc deaktiviert

2. Malwarebytes Anti-Malware Gratis Version installiert, upgedatet

3. alle Ordner sichtbar gemacht und Anti-Malware Vollscan gemacht
alles was gefunden wurde bezieht sich auf das Programm Funshion, welches allerdings nicht im Startup ist, seit Monaten auf dem Compi ist, nie ungewollt im Taskmgr zu sehen war und nie Probleme verursacht hat, ich habe es nun dennoch deinstalliert, da es eh dem Auge schadet (Gratis-schlechte-Kinofilmkopie-Streaming, lol), ich habe den Log dennoch gelassen (auch wenn Programm nun weg) als Dokumentation

Mbam Log

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4449

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/08/2010 21.23.34
mbam-log-2010-08-19 (21-23-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 212570
Laufzeit: 51 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 25
Infizierte Dateien: 225

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Programmi\Funshion Online (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\media (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\media\??2:?? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\media\????:???(100604) (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\media\?????2;????? (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.20Beta (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.26Beta (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17 (Adware.Funshion) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17\FunshionInstall2.2.0.17.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\FunshionGame.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\FunshionHelp.url (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\FunshionImg.jpg (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\UpdateHistory.url (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp-150.xml (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp-m150.xml (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp_120.xml (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1273682961_5881262_1225700835_926.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1273682961_5881262_1225700835_926.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1279731555_18524595_1275640255_420.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1279731555_18524595_1275640255_420.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1280960929_18524595_1279965054_874.dat (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\1280960929_18524595_1279965054_874.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\control\task.xml (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarLeftBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarRightBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerHideBtnRgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskListRightLine.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\Thumbs.db (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Programmi\Funshion Online\Funshion\XPSP2Patch\funshion_clone.exe (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Pop Game Corpora.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Update History.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\flash-1.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\fsdxdiag.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\fstracert.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\HEIDI_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\cacheflash\donghua1_16.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\cacheflash\donghua3_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flash\FunshionAD20100531.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\1A6A79C9_401B_4D3F_1E12_4C2F44EA50FA.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\343DE780_A288_7674_21B4_CA7ADACCEE96.date1280280863.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\407B3952_02DA_2101_F819_A651092761A1.date1279731509.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\40931B43_81A1_D499_AF89_8AED9251DE70.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\4CC725D7_D18A_9A7D_BD74_6F878AB969AC.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\6E071D52_BC76_6FF7_A82F_B7AA1F01ADAE.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\709FBADE_B26D_2071_BB94_8D416B2C5970.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\82D50BCA_9096_4F4A_26E0_FC9AB756D27A.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\8E90BA4F_EF1A_1394_D188_5AC9539241F7.date1280960845.flv (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\8FE04BD9_45E3_4347_A7C7_414C80DF8090.date1280280863.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\9695251C_846F_628E_F7B2_9913BE1C982F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\A7DB56A1_E58A_F981_4612_D6775C804558.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\C2FBD6D4_9F59_D093_65AE_40AFB5671734.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\CCE75FFB_60CD_90E2_D0E3_4B9575DB1BD8.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\D798C866_02F1_DDE6_5A4B_9D3FAF70698D.date1279731509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\F41403A3_8404_5F64_3305_498C42FDE261.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\F8C3BF31_E83A_5D7D_125F_D3691B53670F.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\FBAE76D4_31BC_AFCA_F06C_6482D9F2E033.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\FC5968D3_1013_C1A8_124D_334671C13F46.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\FDF2C77B_1FE8_AE3C_D6E1_07FF8B370FFC.date1279731509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\cache\flashNew\FF5EC401_520C_9DB0_D41B_34B97126B002.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\historyTorrent\FunshionInstall2.2.0.17.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\historyTorrent\????.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Funshion\historyTorrent\????:???(100604).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\media\Install Latest Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\media\Start Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\12771583_1236583319_439.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\16727680_1268982953_259.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\17239948_1263966079_988.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\17239948_1265089519_564.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\18524595_1275640255_420.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\2111662_1203386651_304.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\Seed\5372255_1205130912_73.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\flashParam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.20Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.26Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.27Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\MeinName\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Avvio\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.

4. HijackThis Log

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.27.58, on 19/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\MeinName\Desktop\Hijack Forum\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 6348 bytes

5. HJTscanlist.bat Log

Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows XP [Versione 5.1.2600]
 
 
C:

  19/08/2010 21.23      C:\Programmi --------- 0 
  19/08/2010 19.53      C:\boot.ini --------- 211 
        C:\hiberfil.sys ---------  
        C:\pagefile.sys ---------  
  19/08/2010 19.49      C:\aaw7boot.log --------- 2497 
  18/08/2010 09.17      C:\rsit --------- 0 
  18/08/2010 09.07      C:\ce49501e2164987ae4f3820e0ca53d --------- 0 
  16/08/2010 16.24      C:\WINDOWS --------- 0 
  11/08/2010 17.53      C:\VALUEADD --------- 0 
  22/06/2010 22.32      C:\System Volume Information --------- 0 
  22/06/2010 21.39      C:\ArcDeviceInfo --------- 20 
  18/02/2010 20.28      C:\147aee25a41481d81704b59357 --------- 0 
  22/12/2009 20.22      C:\$AVG --------- 0 
  22/12/2009 12.47      C:\KPCMS --------- 0 
  18/12/2009 12.29      C:\ntldr --------- 251600 
  18/12/2009 00.44      C:\MSOCache --------- 0 
  18/12/2009 00.44      C:\I386 --------- 0 
  17/12/2009 23.35      C:\RECYCLER --------- 0 
  17/12/2009 23.28      C:\Documents and Settings --------- 0 
  17/12/2009 23.26      C:\TOOLSCD --------- 0 
  31/03/2006 16.51      C:\SUPPORT --------- 0 
  17/01/2006 10.33      C:\IO.SYS --------- 0 
  17/01/2006 10.33      C:\AUTOEXEC.BAT --------- 0 
  17/01/2006 10.33      C:\CONFIG.SYS --------- 0 
  17/01/2006 10.33      C:\MSDOS.SYS --------- 0 
  19/08/2004 13.00      C:\NTDETECT.COM --------- 47564 
  19/08/2004 13.00      C:\Bootfont.bin --------- 4952 
----------------------------------------

 
C:\WINDOWS

  19/08/2010 22.08     C:\WINDOWS\wiadebug.log --------- 254 
  19/08/2010 21.23     C:\WINDOWS\WindowsUpdate.log --------- 1464561 
  19/08/2010 19.53     C:\WINDOWS\win.ini --------- 573 
  19/08/2010 19.53     C:\WINDOWS\system.ini --------- 227 
  19/08/2010 19.49     C:\WINDOWS\0.log --------- 0 
  19/08/2010 19.49     C:\WINDOWS\wiaservc.log --------- 50 
  19/08/2010 19.49     C:\WINDOWS\bootstat.dat --------- 2048 
  19/08/2010 19.48     C:\WINDOWS\SchedLgU.Txt --------- 32578 
  18/08/2010 12.24     C:\WINDOWS\setupapi.log --------- 17438 
  11/08/2010 23.50     C:\WINDOWS\iis6.log --------- 9889 
  11/08/2010 23.50     C:\WINDOWS\ocmsn.log --------- 3860 
  11/08/2010 23.50     C:\WINDOWS\tsoc.log --------- 23590 
  11/08/2010 23.50     C:\WINDOWS\imsins.log --------- 1374 
  11/08/2010 23.50     C:\WINDOWS\comsetup.log --------- 20787 
  11/08/2010 23.50     C:\WINDOWS\ntdtcsetup.log --------- 12632 
  11/08/2010 23.50     C:\WINDOWS\KB982214.log --------- 12333 
  11/08/2010 23.50     C:\WINDOWS\ocgen.log --------- 29560 
  11/08/2010 23.50     C:\WINDOWS\msgsocm.log --------- 3090 
  11/08/2010 23.50     C:\WINDOWS\FaxSetup.log --------- 61827 
  11/08/2010 23.50     C:\WINDOWS\imsins.BAK --------- 1374 
  11/08/2010 23.50     C:\WINDOWS\KB2115168.log --------- 16723 
  11/08/2010 23.50     C:\WINDOWS\KB981852.log --------- 14047 
  11/08/2010 23.49     C:\WINDOWS\KB2079403.log --------- 17123 
  11/08/2010 23.49     C:\WINDOWS\updspapi.log --------- 3938 
  11/08/2010 23.45     C:\WINDOWS\KB2183461-IE8.log --------- 15066 
  11/08/2010 23.45     C:\WINDOWS\KB2160329.log --------- 13215 
  11/08/2010 23.45     C:\WINDOWS\KB980436.log --------- 12564 
  11/08/2010 23.42     C:\WINDOWS\KB981997.log --------- 6779 
  11/08/2010 23.42     C:\WINDOWS\KB982665.log --------- 11107 
  03/08/2010 15.21     C:\WINDOWS\KB2286198.log --------- 8897 
  03/08/2010 15.21     C:\WINDOWS\setupact.log --------- 0 
  03/08/2010 15.21     C:\WINDOWS\setuperr.log --------- 0 
  25/06/2010 17.08     C:\WINDOWS\PROTOCOL.INI --------- 0 
  18/02/2010 20.43     C:\WINDOWS\BRWMARK.INI --------- 456 
  11/02/2010 03.16     C:\WINDOWS\setupapi.log.0.old --------- 1025358 
  06/01/2010 13.07     C:\WINDOWS\d3dx.dat --------- 4096 
  22/12/2009 19.58     C:\WINDOWS\BRPP2KA.INI --------- 27 
  22/12/2009 12.48     C:\WINDOWS\KPCMS.INI --------- 173 
  18/12/2009 14.35     C:\WINDOWS\WMSysPr9.prx --------- 316640 
  18/12/2009 12.05     C:\WINDOWS\ODBC.INI --------- 424 
  14/04/2008 04.14     C:\WINDOWS\winhlp32.exe --------- 286720 
  14/04/2008 04.14     C:\WINDOWS\slrundll.exe --------- 32866 
  14/04/2008 04.14     C:\WINDOWS\regedit.exe --------- 151552 
  14/04/2008 04.14     C:\WINDOWS\notepad.exe --------- 70144 
  14/04/2008 04.14     C:\WINDOWS\hh.exe --------- 10752 
  14/04/2008 04.14     C:\WINDOWS\explorer.exe --------- 1036288 
  14/04/2008 04.13     C:\WINDOWS\twain_32.dll --------- 50688 
  28/12/2006 21.01     C:\WINDOWS\002502_.tmp --------- 19569 
  31/03/2006 18.08     C:\WINDOWS\EOLAS.tag --------- 14 
  19/01/2006 11.11     C:\WINDOWS\REGLOCS.OLD --------- 8192 
  17/01/2006 16.06     C:\WINDOWS\smscfg.ini --------- 61 
  17/01/2006 15.09     C:\WINDOWS\wininit.ini --------- 320 
  17/01/2006 14.49     C:\WINDOWS\NDSTray.INI --------- 0 
  17/01/2006 11.28     C:\WINDOWS\Sti_Trace.log --------- 0 
  17/01/2006 10.39     C:\WINDOWS\orun32.isu --------- 202033 
  17/01/2006 10.39     C:\WINDOWS\orun32.ini --------- 825 
  17/01/2006 10.33     C:\WINDOWS\control.ini --------- 0 
  17/01/2006 10.32     C:\WINDOWS\ODBCINST.INI --------- 4161 
  17/01/2006 10.31     C:\WINDOWS\WindowsShell.Manifest --------- 749 
  17/01/2006 10.30     C:\WINDOWS\vbaddin.ini --------- 37 
  17/01/2006 10.30     C:\WINDOWS\vb.ini --------- 36 
  10/12/2005 00.49     C:\WINDOWS\RTHDCPL.exe --------- 15691264 
  09/12/2005 01.42     C:\WINDOWS\MicCal.exe --------- 2142208 
  03/11/2005 00.56     C:\WINDOWS\RTLCPL.exe --------- 9710592 
  27/10/2005 16.17     C:\WINDOWS\TWallEx43_169.exe --------- 237568 
  21/10/2005 22.49     C:\WINDOWS\RtlUpd.exe --------- 356352 
  15/10/2005 15.29     C:\WINDOWS\agrsmmsg.exe --------- 88203 
  11/10/2005 22.33     C:\WINDOWS\alcwzrd.exe --------- 2807808 
  06/10/2005 06.20     C:\WINDOWS\DLA.EXE --------- 94263 
  21/09/2005 19.24     C:\WINDOWS\SoundMan.exe --------- 86016 
  11/05/2005 17.00     C:\WINDOWS\TBTdetect.exe --------- 245760 
  04/05/2005 03.43     C:\WINDOWS\Alcmtr.exe --------- 69632 
  03/05/2005 13.10     C:\WINDOWS\agrsmdel.exe --------- 68096 
  17/04/2005 07.20     C:\WINDOWS\RtlExUpd.dll --------- 487424 
  14/02/2005 09.54     C:\WINDOWS\TVersion.xml --------- 173 
  20/12/2004 15.39     C:\WINDOWS\TBTdetect.ini --------- 466 
  08/12/2004 17.04     C:\WINDOWS\cfdemo.scr --------- 45056 
  19/08/2004 13.00     C:\WINDOWS\clock.avi --------- 82944 
  19/08/2004 13.00     C:\WINDOWS\TASKMAN.EXE --------- 15360 
  19/08/2004 13.00     C:\WINDOWS\msdfmap.ini --------- 1405 
  19/08/2004 13.00     C:\WINDOWS\desktop.ini --------- 2 
  19/08/2004 13.00     C:\WINDOWS\explorer.scf --------- 80 
  19/08/2004 13.00     C:\WINDOWS\vmmreg32.dll --------- 18944 
  19/08/2004 13.00     C:\WINDOWS\twain.dll --------- 94816 
  19/08/2004 13.00     C:\WINDOWS\twunk_16.exe --------- 49680 
  19/08/2004 13.00     C:\WINDOWS\twunk_32.exe --------- 25600 
  19/08/2004 13.00     C:\WINDOWS\winhelp.exe --------- 256859 
  19/08/2004 13.00     C:\WINDOWS\wmprfITA.prx --------- 36800 
  19/08/2004 13.00     C:\WINDOWS\_default.pif --------- 707 
  09/10/2003 18.55     C:\WINDOWS\cfdemo.exe --------- 20966970 
  07/11/2002 12.35     C:\WINDOWS\MakeMrk.exe --------- 159744 
  03/09/2002 13.02     C:\WINDOWS\unlite3.exe --------- 72192 
  18/06/1999 22.13     C:\WINDOWS\sprof32.dll --------- 133120 
  26/05/1999 10.46     C:\WINDOWS\pfpick.dll --------- 58368 
  26/05/1999 10.46     C:\WINDOWS\kpsys32.dll --------- 37376 
  26/05/1999 10.46     C:\WINDOWS\kpcp32.dll --------- 196608 
  26/05/1999 10.46     C:\WINDOWS\icccodes.dll --------- 20992 
  26/05/1999 10.46     C:\WINDOWS\iccsigs.dat --------- 40129 
  23/03/1999 08.12     C:\WINDOWS\unin0407.exe --------- 304128 
  13/11/1998 13.07     C:\WINDOWS\IsUn0410.exe --------- 307712 
----------------------------------------

 
C:\WINDOWS\System

 14/04/2008 04.14    C:\WINDOWS\System\winspool.drv --------- 146944 
 19/08/2004 13.00    C:\WINDOWS\System\AVIFILE.DLL --------- 109520 
 19/08/2004 13.00    C:\WINDOWS\System\COMMDLG.DLL --------- 33632 
 19/08/2004 13.00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
 19/08/2004 13.00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
 19/08/2004 13.00    C:\WINDOWS\System\MCIAVI.DRV --------- 73664 
 19/08/2004 13.00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 
 19/08/2004 13.00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
 19/08/2004 13.00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69664 
 19/08/2004 13.00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
 19/08/2004 13.00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
 19/08/2004 13.00    C:\WINDOWS\System\AVICAP.DLL --------- 70320 
 19/08/2004 13.00    C:\WINDOWS\System\OLECLI.DLL --------- 83456 
 19/08/2004 13.00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
 19/08/2004 13.00    C:\WINDOWS\System\setup.inf --------- 59167 
 19/08/2004 13.00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
 19/08/2004 13.00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
 19/08/2004 13.00    C:\WINDOWS\System\stdole.tlb --------- 5532 
 19/08/2004 13.00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
 19/08/2004 13.00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
 19/08/2004 13.00    C:\WINDOWS\System\TIMER.DRV --------- 4080 
 19/08/2004 13.00    C:\WINDOWS\System\VER.DLL --------- 9171 
 19/08/2004 13.00    C:\WINDOWS\System\VGA.DRV --------- 2176 
 19/08/2004 13.00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
 19/08/2004 13.00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127168 
----------------------------------------

 
C:\WINDOWS\System32

 19/08/2010 21.24     C:\WINDOWS\system32\drivers --------- 0 
 19/08/2010 19.50     C:\WINDOWS\system32\Lang --------- 0 
 19/08/2010 18.53     C:\WINDOWS\system32\CatRoot2 --------- 0 
 16/08/2010 16.22     C:\WINDOWS\system32\DRVSTORE --------- 0 
 12/08/2010 08.27     C:\WINDOWS\system32\FNTCACHE.DAT --------- 245512 
 11/08/2010 23.50     C:\WINDOWS\system32\dllcache --------- 0 
 11/08/2010 23.49     C:\WINDOWS\system32\perfc010.dat --------- 84354 
 11/08/2010 23.49     C:\WINDOWS\system32\perfh010.dat --------- 489648 
 11/08/2010 23.49     C:\WINDOWS\system32\perfh009.dat --------- 441458 
 11/08/2010 23.49     C:\WINDOWS\system32\perfc009.dat --------- 71394 
 11/08/2010 23.49     C:\WINDOWS\system32\PerfStringBackup.INI --------- 1056408 
 03/08/2010 20.09     C:\WINDOWS\system32\MRT.exe --------- 35962312 
 27/07/2010 08.29     C:\WINDOWS\system32\shell32.dll --------- 8491520 
 25/07/2010 19.19     C:\WINDOWS\system32\wpa.dbl --------- 1158 
 16/07/2010 11.44     C:\WINDOWS\system32\avgrsstx.dll --------- 12536 
 12/07/2010 10.55     C:\WINDOWS\system32\lsdelete.exe --------- 15880 
 30/06/2010 14.31     C:\WINDOWS\system32\schannel.dll --------- 149504 
 24/06/2010 17.52     C:\WINDOWS\system32\ieframe.dll --------- 11077120 
 24/06/2010 14.22     C:\WINDOWS\system32\occache.dll --------- 206848 
 24/06/2010 14.22     C:\WINDOWS\system32\urlmon.dll --------- 1210368 
 24/06/2010 14.22     C:\WINDOWS\system32\mstime.dll --------- 611840 
 24/06/2010 14.22     C:\WINDOWS\system32\wininet.dll --------- 916480 
 24/06/2010 14.22     C:\WINDOWS\system32\mshtml.dll --------- 5951488 
 24/06/2010 14.22     C:\WINDOWS\system32\jsproxy.dll --------- 25600 
 24/06/2010 14.22     C:\WINDOWS\system32\msfeedsbs.dll --------- 55296 
 24/06/2010 14.22     C:\WINDOWS\system32\inetcpl.cpl --------- 1469440 
 24/06/2010 14.22     C:\WINDOWS\system32\msfeeds.dll --------- 599040 
 24/06/2010 14.22     C:\WINDOWS\system32\iertutil.dll --------- 1986560 
 24/06/2010 14.22     C:\WINDOWS\system32\iepeers.dll --------- 184320 
 24/06/2010 14.22     C:\WINDOWS\system32\iedkcs32.dll --------- 387584 
 24/06/2010 11.02     C:\WINDOWS\system32\win32k.sys --------- 1851904 
 23/06/2010 14.08     C:\WINDOWS\system32\ie4uinit.exe --------- 173056 
 22/06/2010 21.37     C:\WINDOWS\system32\WDBtnMgr.exe --------- 364544 
 17/06/2010 16.03     C:\WINDOWS\system32\iccvid.dll --------- 80384 
 15/06/2010 18.16     C:\WINDOWS\system32\l3codecx.ax --------- 143422 
 14/06/2010 09.41     C:\WINDOWS\system32\msxml3.dll --------- 1172480 
 13/06/2010 17.16     C:\WINDOWS\system32\unins000.dat --------- 2928 
 13/06/2010 17.15     C:\WINDOWS\system32\unins000.exe --------- 716153 
 11/06/2010 13.45     C:\WINDOWS\system32\javaws.exe --------- 153376 
 11/06/2010 13.45     C:\WINDOWS\system32\javaw.exe --------- 145184 
 11/06/2010 13.45     C:\WINDOWS\system32\javacpl.cpl --------- 73728 
 11/06/2010 13.45     C:\WINDOWS\system32\java.exe --------- 145184 
 11/06/2010 13.45     C:\WINDOWS\system32\deployJava1.dll --------- 411368 
 26/05/2010 02.47     C:\WINDOWS\system32\TZLog.log --------- 12140 
 28/04/2010 07.41     C:\WINDOWS\system32\ntkrnlpa.exe --------- 2028032 
 28/04/2010 07.41     C:\WINDOWS\system32\ntoskrnl.exe --------- 2149888 
 21/04/2010 15.28     C:\WINDOWS\system32\tzchange.exe --------- 46080 
 20/04/2010 07.30     C:\WINDOWS\system32\atmfd.dll --------- 285696 
 03/04/2010 03.33     C:\WINDOWS\system32\WMVCore.dll --------- 2365288 
 31/03/2010 00.16     C:\WINDOWS\system32\PresentationHostProxy.dll --------- 99176 
 31/03/2010 00.10     C:\WINDOWS\system32\PresentationHost.exe --------- 295264 
 17/03/2010 21.53     C:\WINDOWS\system32\QuickTimeVR.qtx --------- 94208 
 17/03/2010 21.53     C:\WINDOWS\system32\QuickTime.qts --------- 69632 
 10/03/2010 08.15     C:\WINDOWS\system32\vbscript.dll --------- 420352 
 05/03/2010 16.38     C:\WINDOWS\system32\asycfilt.dll --------- 65536 
 22/02/2010 23.49     C:\WINDOWS\system32\Adobe --------- 0 
 19/02/2010 06.14     C:\WINDOWS\system32\CatRoot --------- 0 
 18/02/2010 20.32     C:\WINDOWS\system32\it-IT --------- 0 
 18/02/2010 20.29     C:\WINDOWS\system32\XPSViewer --------- 0 
 18/02/2010 20.29     C:\WINDOWS\system32\en-US --------- 0 
 18/02/2010 20.28     C:\WINDOWS\system32\spool --------- 0 
 12/02/2010 12.03     C:\WINDOWS\system32\browserchoice.exe --------- 293376 
 12/02/2010 06.33     C:\WINDOWS\system32\6to4svc.dll --------- 100864 
 05/02/2010 20.25     C:\WINDOWS\system32\quartz.dll --------- 1296896 
 29/01/2010 16.59     C:\WINDOWS\system32\inetcomm.dll --------- 691712 
 29/01/2010 16.43     C:\WINDOWS\system32\l3codeca.acm --------- 307260 
 13/01/2010 16.00     C:\WINDOWS\system32\cabview.dll --------- 86528 
 24/12/2009 08.59     C:\WINDOWS\system32\wintrust.dll --------- 177664 
 22/12/2009 14.33     C:\WINDOWS\system32\brss01a.ini --------- 30 
 22/12/2009 14.33     C:\WINDOWS\system32\brsvc01a.bsi --------- 184 
 18/12/2009 16.49     C:\WINDOWS\system32\rmoc3260.dll --------- 185920 
 18/12/2009 16.49     C:\WINDOWS\system32\pndx5032.dll --------- 5632 
 18/12/2009 16.49     C:\WINDOWS\system32\pndx5016.dll --------- 6656 
 18/12/2009 16.49     C:\WINDOWS\system32\msvcr71.dll --------- 348160 
 18/12/2009 16.49     C:\WINDOWS\system32\msvcp71.dll --------- 499712 
 18/12/2009 16.49     C:\WINDOWS\system32\pncrt.dll --------- 278528 
 18/12/2009 14.34     C:\WINDOWS\system32\spupdwxp.log --------- 90 
 18/12/2009 14.34     C:\WINDOWS\system32\Setup --------- 0 
 18/12/2009 14.34     C:\WINDOWS\system32\wbem --------- 0 
 18/12/2009 12.36     C:\WINDOWS\system32\usmt --------- 0 
 18/12/2009 12.36     C:\WINDOWS\system32\it --------- 0 
 18/12/2009 12.36     C:\WINDOWS\system32\bits --------- 0 
 18/12/2009 12.32     C:\WINDOWS\system32\Restore --------- 0 
 18/12/2009 12.32     C:\WINDOWS\system32\npp --------- 0 
 18/12/2009 12.32     C:\WINDOWS\system32\Com --------- 0 
 18/12/2009 12.32     C:\WINDOWS\system32\oobe --------- 0 
 18/12/2009 12.29     C:\WINDOWS\system32\ReinstallBackups --------- 0 
 18/12/2009 01.03     C:\WINDOWS\system32\IME --------- 0 
 17/12/2009 23.49     C:\WINDOWS\system32\LuResult.txt --------- 94 
 17/12/2009 23.47     C:\WINDOWS\system32\PreInstall --------- 0 
 17/12/2009 23.37     C:\WINDOWS\system32\SoftwareDistribution --------- 0 
 17/12/2009 23.32     C:\WINDOWS\system32\results.txt --------- 308 
 17/12/2009 23.27     C:\WINDOWS\system32\$winnt$.inf --------- 520 
 17/12/2009 09.40     C:\WINDOWS\system32\mspaint.exe --------- 346112 
 14/12/2009 09.08     C:\WINDOWS\system32\csrsrv.dll --------- 33280 
 09/12/2009 07.53     C:\WINDOWS\system32\jscript.dll --------- 726528 
 08/12/2009 11.23     C:\WINDOWS\system32\shlwapi.dll --------- 474624 
 27/11/2009 19.12     C:\WINDOWS\system32\msyuv.dll --------- 17920 
 27/11/2009 18.07     C:\WINDOWS\system32\tsbyuv.dll --------- 8704 
 27/11/2009 18.07     C:\WINDOWS\system32\msrle32.dll --------- 11264 
----------------------------------------

 
C:\WINDOWS\Prefetch

 19/08/2010 22.17     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 12848 
 19/08/2010 22.13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1329FF7E.pf --------- 58254 
 19/08/2010 22.13     C:\WINDOWS\Prefetch\IEXPLORE.EXE-1BA17782.pf --------- 73070 
----------------------------------------

 
C:\WINDOWS\Tasks

 19/08/2010 19.49     C:\WINDOWS\Tasks\SA.DAT --------- 6 
 19/08/2010 16.22     C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job --------- 492 
 19/08/2004 13.00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
----------------------------------------

 
C:\WINDOWS\Temp

 19/08/2010 17.40     C:\WINDOWS\Temp\2bbef23b-9eef-445e-b5f1-aaa7286bc111 --------- 0 
 19/08/2010 09.52     C:\WINDOWS\Temp\780db305-ef80-43fc-8682-70f43307040f --------- 0 
 18/08/2010 21.04     C:\WINDOWS\Temp\4a6e170c-ce54-43d3-8e9b-6dfbb3163a16 --------- 0 
 18/08/2010 11.43     C:\WINDOWS\Temp\Perflib_Perfdata_b8c.dat --------- 16384 
 18/08/2010 09.28     C:\WINDOWS\Temp\6bf14fcf-3250-41b0-a402-e826483d7fc9 --------- 0 
 17/08/2010 17.30     C:\WINDOWS\Temp\ec1ea952-6b14-49ec-9201-7edb3ae9eb66 --------- 0 
 17/08/2010 09.05     C:\WINDOWS\Temp\69074cd6-19da-4af3-9dfd-3344e7acbe14 --------- 0 
 16/08/2010 10.46     C:\WINDOWS\Temp\3e8027db-f768-480e-b282-0803a08e2917 --------- 0 
 15/08/2010 17.47     C:\WINDOWS\Temp\4144365d-2393-4923-b089-2daa2839163f --------- 0 
 15/08/2010 00.42     C:\WINDOWS\Temp\e38c6219-3842-44ed-b1b7-e027f9c02a5e --------- 0 
 14/08/2010 09.43     C:\WINDOWS\Temp\c9e06cc0-87db-491e-81f2-fe2c607e24a0 --------- 0 
 13/08/2010 17.18     C:\WINDOWS\Temp\fbff6a36-5561-434b-8d9a-a6d8ee9903f2 --------- 0 
 13/08/2010 09.05     C:\WINDOWS\Temp\fea21b70-6710-49df-983d-0fca34944b93 --------- 0 
 12/08/2010 17.23     C:\WINDOWS\Temp\f6ac678a-57c3-471e-8ffc-e647f7dfeb6d --------- 0 
 12/08/2010 08.52     C:\WINDOWS\Temp\13afa031-46df-4aa5-9efc-76fb7fea3658 --------- 0 
 11/08/2010 23.49     C:\WINDOWS\Temp\ASPNETSetup_00001.log --------- 5158 
 11/08/2010 23.45     C:\WINDOWS\Temp\dd_clwireg.txt --------- 49638 
 11/08/2010 16.52     C:\WINDOWS\Temp\722875ed-5bc5-4a54-a891-98f28224b83f --------- 0 
 10/08/2010 18.50     C:\WINDOWS\Temp\577fe4ca-c6fa-4410-b2bd-fa9aa3fc0271 --------- 0 
 10/08/2010 12.08     C:\WINDOWS\Temp\5332ce00-4bf7-46e1-9978-b4a8c6a9bc04 --------- 0 
 09/08/2010 18.03     C:\WINDOWS\Temp\ceafa07e-7f9a-436b-9ae9-972c3b961c36 --------- 0 
 09/08/2010 11.41     C:\WINDOWS\Temp\b3cd1ec0-cdbc-4c1f-a1ab-8aea8768c80a --------- 0 
 08/08/2010 10.51     C:\WINDOWS\Temp\ad4864f3-8a29-413e-bf15-b94910853a8f --------- 0 
 08/08/2010 10.50     C:\WINDOWS\Temp\avginfo.id --------- 50 
 07/08/2010 10.47     C:\WINDOWS\Temp\80377ba7-b09e-4641-88de-89f5dd506702 --------- 0 
 06/08/2010 17.04     C:\WINDOWS\Temp\db8ba6c5-43a7-4661-a59b-e632f61ffa56 --------- 0 
 06/08/2010 09.31     C:\WINDOWS\Temp\725797b9-9d49-40e3-bfbf-b5e02a195729 --------- 0 
 05/08/2010 17.20     C:\WINDOWS\Temp\3b11348a-3658-44c6-8bff-8f898bdf4796 --------- 0 
 04/08/2010 23.23     C:\WINDOWS\Temp\11952d2b-5033-48bc-ba61-b35a04d6dc8a --------- 0 
 04/08/2010 08.44     C:\WINDOWS\Temp\dbe361d8-942d-494e-8038-d4a147616224 --------- 0 
 03/08/2010 11.10     C:\WINDOWS\Temp\6654095c-3d7e-4fe5-a402-09c25bad14bd --------- 0 
 02/08/2010 12.32     C:\WINDOWS\Temp\10b7eb03-167c-48cb-8f5e-ce55a9a1d321 --------- 0 
 01/08/2010 18.15     C:\WINDOWS\Temp\45e9bfa7-a4c3-453f-8fa1-16ab02e8e590 --------- 0 
 01/08/2010 00.38     C:\WINDOWS\Temp\768e5e90-44bb-4095-a606-1a73d9c748d8 --------- 0 
 31/07/2010 08.22     C:\WINDOWS\Temp\b5acd59f-23dd-4ecc-8e8a-c0ca5a935c12 --------- 0 
 30/07/2010 09.36     C:\WINDOWS\Temp\051ba804-92f4-4b73-af20-525ffccc9500 --------- 0 
 29/07/2010 18.57     C:\WINDOWS\Temp\8e117e06-f4cb-44b9-b8a4-d74dad7abab2 --------- 0 
 29/07/2010 09.47     C:\WINDOWS\Temp\0e4fec28-ae18-45de-b937-3e91d5066a89 --------- 0 
 28/07/2010 17.46     C:\WINDOWS\Temp\5af0ec31-699f-4268-8b23-864cda80cba8 --------- 0 
 28/07/2010 03.11     C:\WINDOWS\Temp\07f31533-bb2b-40d7-b0e5-f6e61e0981a4 --------- 0 
 27/07/2010 08.24     C:\WINDOWS\Temp\d8631d0a-6796-4554-a7bb-477acbc8f148 --------- 0 
 26/07/2010 19.06     C:\WINDOWS\Temp\c767b33a-8e46-4498-950e-0100ac21038d --------- 0 
 26/07/2010 10.15     C:\WINDOWS\Temp\1a46da85-3f0e-4c33-9a11-967f4c7f8738 --------- 0 
 25/07/2010 19.24     C:\WINDOWS\Temp\f3befdce-627d-4252-8545-ad72db63ae94 --------- 0 
 24/07/2010 11.36     C:\WINDOWS\Temp\d7503a2d-32b6-4ffa-95f4-f48ee0b44bfe --------- 0 
 24/07/2010 01.55     C:\WINDOWS\Temp\3272c8f4-943d-48b4-8a7c-b87b7e8088bc --------- 0 
 23/07/2010 11.43     C:\WINDOWS\Temp\6519c12c-b8dd-4c24-924a-885061265ed3 --------- 0 
 22/07/2010 18.33     C:\WINDOWS\Temp\d636fd25-a4f2-4343-ab79-2a3b0e32dcce --------- 0 
 22/07/2010 09.38     C:\WINDOWS\Temp\eea28b35-bc88-4081-a136-888d3de303dd --------- 0 
 21/07/2010 19.01     C:\WINDOWS\Temp\9291ad7f-4727-4126-9a92-62bef077c0b7 --------- 0 
 21/07/2010 10.01     C:\WINDOWS\Temp\e14c2733-624e-4455-89f5-8783a85e786a --------- 0 
 20/07/2010 13.59     C:\WINDOWS\Temp\f49b44dd-04ab-41bd-8f4d-6650a45e3900 --------- 0 
 19/07/2010 17.12     C:\WINDOWS\Temp\0abd1a51-b2af-4701-8169-2879c847f22b --------- 0 
 19/07/2010 12.44     C:\WINDOWS\Temp\0492e75a-5b39-4d1c-9b29-9387c5a75ba3 --------- 0 
 18/07/2010 19.43     C:\WINDOWS\Temp\ba1cb26e-adc9-4aaa-a426-bc595033a5ab --------- 0 
 18/07/2010 10.37     C:\WINDOWS\Temp\ed6ae8f9-d6ff-45b2-8c02-0481338e52f6 --------- 0 
 17/07/2010 20.13     C:\WINDOWS\Temp\137e4491-bd2a-4446-be8f-a04e95fd7c8b --------- 0 
 17/07/2010 08.07     C:\WINDOWS\Temp\8a319936-0fe6-410d-b1ca-a02f8002c985 --------- 0 
 16/07/2010 11.42     C:\WINDOWS\Temp\8b241dd8-e380-4be6-a33d-ec99941001f4 --------- 0 
 15/07/2010 09.00     C:\WINDOWS\Temp\98f5b423-3d6b-4c4c-a5d1-969b011ecce3 --------- 0 
 14/07/2010 12.02     C:\WINDOWS\Temp\079ff34f-2031-43cb-8e81-e533c7bc3b54 --------- 0 
 13/07/2010 20.39     C:\WINDOWS\Temp\d77cf01c-eea8-4d42-b854-b37295369f31 --------- 0 
 13/07/2010 08.47     C:\WINDOWS\Temp\2652f219-43d3-4a87-b507-f33af021c895 --------- 0 
 12/07/2010 12.03     C:\WINDOWS\Temp\66814669-9b61-4eda-8a90-f25f5005bac9 --------- 0 
 11/07/2010 18.28     C:\WINDOWS\Temp\05ec655c-8551-48c2-a3c4-048e3bc42cda --------- 0 
 11/07/2010 06.23     C:\WINDOWS\Temp\c27c00ce-0569-46af-b61d-e73add0e5b45 --------- 0 
 10/07/2010 01.25     C:\WINDOWS\Temp\0078f30b-9530-47a1-868c-cfb468d7db0a --------- 0 
 09/07/2010 13.02     C:\WINDOWS\Temp\98134c95-1204-4259-adb9-30e9928885e3 --------- 0 
 08/07/2010 12.24     C:\WINDOWS\Temp\e50ef21b-5108-4907-bc7f-3fd6b98961f3 --------- 0 
 07/07/2010 18.12     C:\WINDOWS\Temp\9512e2cd-6d16-4bae-8daa-17b78f8df4c9 --------- 0 
 06/07/2010 23.42     C:\WINDOWS\Temp\cbe1200e-b037-4a46-a4c8-199f0e6859bf --------- 0 
 05/07/2010 18.45     C:\WINDOWS\Temp\7f510b02-9e73-46eb-af1d-922874998074 --------- 0 
 05/07/2010 09.27     C:\WINDOWS\Temp\ed75143d-a209-41bd-8b4b-7ccb2f3ece95 --------- 0 
 04/07/2010 17.02     C:\WINDOWS\Temp\f5191808-df12-4092-bdc6-bb9f1be1d06c --------- 0 
 04/07/2010 09.51     C:\WINDOWS\Temp\6464ae1f-4a04-464a-a136-dd27fd0d1292 --------- 0 
 03/07/2010 18.29     C:\WINDOWS\Temp\71219b7e-120c-4e06-b91f-e16d7da2e6f2 --------- 0 
 03/07/2010 07.55     C:\WINDOWS\Temp\7c64dfc5-41b5-408b-a040-b784b7bd7bc2 --------- 0 
 02/07/2010 10.10     C:\WINDOWS\Temp\d3ab4d55-23fd-4395-b1a5-a211402a3626 --------- 0 
 01/07/2010 18.15     C:\WINDOWS\Temp\7564a895-cf93-434d-b096-a65cb99abbf8 --------- 0 
 01/07/2010 10.41     C:\WINDOWS\Temp\868033e7-53a7-4300-9adb-9acadfe5758d --------- 0 
 30/06/2010 18.29     C:\WINDOWS\Temp\5f24a798-88e3-4201-9cf7-922e42bfc915 --------- 0 
 30/06/2010 08.53     C:\WINDOWS\Temp\8b781fd3-ed71-404e-bf70-814b28533e25 --------- 0 
 29/06/2010 17.51     C:\WINDOWS\Temp\db06245c-abcd-49fb-86d1-950e09d47400 --------- 0 
 29/06/2010 08.45     C:\WINDOWS\Temp\9c751e74-b2a5-49e7-8ac7-cfeb2c150913 --------- 0 
 28/06/2010 17.43     C:\WINDOWS\Temp\06e05713-ece7-4f3c-b679-488153171087 --------- 0 
 28/06/2010 08.53     C:\WINDOWS\Temp\b3c82237-bf3e-4632-b75f-b205520ea860 --------- 0 
 27/06/2010 18.30     C:\WINDOWS\Temp\96677579-d2c6-42da-bbac-4f6eec15201b --------- 0 
 27/06/2010 10.06     C:\WINDOWS\Temp\c3925c10-b2c0-49e6-b950-c75d9b0daaaa --------- 0 
 26/06/2010 19.00     C:\WINDOWS\Temp\d87873dd-bc3c-4569-beff-71aa82e5a88a --------- 0 
 26/06/2010 09.15     C:\WINDOWS\Temp\08e8cbcd-3b44-42c9-bf0f-3d49d0e693f2 --------- 0 
 25/06/2010 20.41     C:\WINDOWS\Temp\8c9d1a03-d995-4a10-8d27-d6414b3e616e --------- 0 
 25/06/2010 10.09     C:\WINDOWS\Temp\53b91546-15f1-43de-bbf6-7c3368304f7d --------- 0 
 24/06/2010 17.49     C:\WINDOWS\Temp\0c7717c4-80ae-41f3-bb69-823b75483862 --------- 0 
 24/06/2010 09.47     C:\WINDOWS\Temp\0d2bb127-9ee2-4dd3-9c1f-f19b2b083702 --------- 0 
 23/06/2010 20.31     C:\WINDOWS\Temp\dd_wcf_retCA538B.txt --------- 4484 
 23/06/2010 20.30     C:\WINDOWS\Temp\ASPNETSetup_00000.log --------- 5158 
 23/06/2010 17.03     C:\WINDOWS\Temp\6e72cc7c-6627-42ba-b946-af35911e4750 --------- 0 
 23/06/2010 09.59     C:\WINDOWS\Temp\e4b7a41f-9959-41fc-a29e-13e58c31a87e --------- 0 
 22/06/2010 18.22     C:\WINDOWS\Temp\0a347b83-4139-478b-8325-cf8e8c8f81ee --------- 0 
 22/06/2010 09.36     C:\WINDOWS\Temp\1938d92f-ee19-459b-8a6a-725140827d7c --------- 0 
 21/06/2010 19.38     C:\WINDOWS\Temp\077c2156-b745-4b6b-9518-36d775cc223f --------- 0 
 21/06/2010 09.48     C:\WINDOWS\Temp\d910c6c8-c37f-467b-a0c7-bd061db546b8 --------- 0 
 20/06/2010 13.05     C:\WINDOWS\Temp\d304a4d9-ebd4-427a-a685-f3f9eb385a89 --------- 0 
 19/06/2010 11.25     C:\WINDOWS\Temp\0578fc4b-798d-43e1-9c3b-df9e0dac3daf --------- 0 
 18/06/2010 20.12     C:\WINDOWS\Temp\dadca259-ce95-4c08-8eaa-ba102883bbac --------- 0 
 18/06/2010 08.28     C:\WINDOWS\Temp\86059762-6d3c-40a0-9b3a-1aef0432d229 --------- 0 
 17/06/2010 18.25     C:\WINDOWS\Temp\27d28a27-31e2-4693-8079-8004e0888a87 --------- 0 
 16/06/2010 22.53     C:\WINDOWS\Temp\f5fe9667-14df-4778-88cf-84f8d1de5d9d --------- 0 
 15/06/2010 17.10     C:\WINDOWS\Temp\7cc389d9-add4-45d0-a88c-4eaa5de3a4d6 --------- 0 
 15/06/2010 10.01     C:\WINDOWS\Temp\fbe43ea2-0d35-44c5-97fb-358a6e4996c4 --------- 0 
 14/06/2010 11.34     C:\WINDOWS\Temp\d0c90122-d046-4504-9676-4205b472cc2e --------- 0 
 13/06/2010 14.44     C:\WINDOWS\Temp\4c72912b-69c1-4551-819b-7fac8beb4190 --------- 0 
 12/06/2010 11.05     C:\WINDOWS\Temp\3c0e4310-17ad-4098-ab2f-5dd70f63a1a8 --------- 0 
----------------------------------------

 
C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp

 19/08/2010 21.23      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\nst10.tmp --------- 0 
 19/08/2010 21.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~nsu.tmp --------- 0 
 19/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AdobeARM.log --------- 157190 
 18/08/2010 22.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\msohtml1 --------- 0 
 18/08/2010 11.55      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\WERb2b2.dir00 --------- 0 
 18/08/2010 09.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\uninst1.exe --------- 124928 
 18/08/2010 09.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\utt7.tmp --------- 0 
 18/08/2010 09.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\utt7.tmp.bat --------- 53 
 18/08/2010 08.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\2.dir --------- 0 
 18/08/2010 08.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\2.tmp --------- 0 
 18/08/2010 00.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX72.tmp --------- 169324 
 18/08/2010 00.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Uninstall.exe --------- 1592937 
 17/08/2010 09.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\hsperfdata_MeinName--------- 0 
 17/08/2010 09.16      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\DFM2HTML_index --------- 0 
 16/08/2010 16.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\info.txt --------- 1969 
 16/08/2010 16.17      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\mia6A.tmp --------- 0 
 16/08/2010 16.05      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install_reg.log --------- 7612 
 14/08/2010 23.41      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\30BF085A.TMP --------- 106 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat75.tmp --------- 2868 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat72.tmp --------- 3832 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat6F.tmp --------- 1244 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat6C.tmp --------- 9836 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat69.tmp --------- 5628 
 13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat66.tmp --------- 1242 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat60.tmp --------- 1388 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat63.tmp --------- 1388 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat5D.tmp --------- 1112 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat5A.tmp --------- 19372 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat56.tmp --------- 1208 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat53.tmp --------- 1264 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat50.tmp --------- 1544 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat47.tmp --------- 4824 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat4D.tmp --------- 6824 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat4A.tmp --------- 5564 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat41.tmp --------- 1232 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat44.tmp --------- 1156 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat3E.tmp --------- 1172 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat38.tmp --------- 1552 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat3B.tmp --------- 1160 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat32.tmp --------- 11948 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat35.tmp --------- 1092 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat2C.tmp --------- 7568 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat2F.tmp --------- 12068 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat29.tmp --------- 1232 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat26.tmp --------- 1724 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat23.tmp --------- 8850 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat1D.tmp --------- 1094 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat20.tmp --------- 1406 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat1A.tmp --------- 1498 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat17.tmp --------- 1094 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat14.tmp --------- 8838 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat11.tmp --------- 1318 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\datE.tmp --------- 1498 
 13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\datB.tmp --------- 1298 
 12/08/2010 20.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\TWAIN.LOG --------- 15503 
 12/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twain001.Mtx --------- 3 
 12/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twunk001.MTX --------- 156 
 09/08/2010 15.54      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Word8.0 --------- 0 
 09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7E.tmp --------- 505192 
 09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7D.tmp --------- 714093 
 09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7C.tmp --------- 925697 
 07/08/2010 14.34      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\QTStreaming Debug Log.txt --------- 54 
 05/08/2010 00.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF5439.tmp --------- 98304 
 04/08/2010 00.47      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGXE.tmp --------- 106 
 02/08/2010 18.20      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\.cleanup.tmp --------- 0 
 02/08/2010 16.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\removefiles.txttemp --------- 2903 
 02/08/2010 16.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\persistent_state --------- 16 
 28/07/2010 10.36      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF5E51.tmp --------- 98304 
 28/07/2010 03.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF7BA0.tmp --------- 98304 
 25/07/2010 23.35      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DFBF1C.tmp --------- 98304 
 21/07/2010 18.56      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF46F4.tmp --------- 98304 
 04/07/2010 21.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Silverlight0.log --------- 1800 
 04/07/2010 21.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\SilverlightMSI.log --------- 1083560 
 03/07/2010 08.59      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jar_cache7804259014797866714.tmp --------- 5950 
 02/07/2010 11.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\wecerr.txt --------- 325 
 02/07/2010 11.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Explorer.log --------- 1215 
 01/07/2010 12.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\control.xml --------- 12818 
 30/06/2010 13.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AdobeARM_NotLocked.log --------- 876 
 30/06/2010 10.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\amt.log --------- 15138 
 29/06/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF203C.tmp --------- 16384 
 23/06/2010 22.58      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\113CA8.dmp --------- 3983003 
 23/06/2010 22.58      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\3bc8_appcompat.txt --------- 5584 
 22/06/2010 15.35      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~WRS0000.tmp --------- 228352 
 19/06/2010 17.23      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\temp.png --------- 898432 
 19/06/2010 11.34      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VBE --------- 0 
 19/06/2010 00.53      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5578T1L1_install_log.txt --------- 14001 
 18/06/2010 00.13      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4F.tmp --------- 36944 
 17/06/2010 21.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4B.tmp --------- 36944 
 17/06/2010 21.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4A.tmp --------- 36684 
 17/06/2010 20.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX47.tmp --------- 36944 
 17/06/2010 20.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX46.tmp --------- 36684 
 17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\bitrock_installer_1436.log --------- 78043 
 17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\_uninstall --------- 0 
 17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\bitrock_installer.log --------- 108 
 17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51 --------- 0 
 15/06/2010 15.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\SFXA0.tmp --------- 0 
 15/06/2010 15.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\MSI8f482.LOG --------- 346 
 14/06/2010 20.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twunk002.MTX --------- 0 
 14/06/2010 20.20      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\MSI7b65e.LOG --------- 346 
 14/06/2010 13.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Adobe --------- 0 
 13/06/2010 17.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #002.txt --------- 9511 
 13/06/2010 17.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #003.txt --------- 1344 
 13/06/2010 17.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #001.txt --------- 1343 
 13/06/2010 11.26      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F2708T1L2_install_log.txt --------- 30950 
 13/06/2010 09.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5812T1L1_install_log.txt --------- 11232 
 12/06/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5717T1L1_install_log.txt --------- 11264 
 12/06/2010 13.00      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5640T1L2_install_log.txt --------- 15170 
 12/06/2010 01.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\msohtml --------- 0 
 11/06/2010 14.26      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\is799009782 --------- 0 
 11/06/2010 14.14      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~D045BE.tmp --------- 106 
 11/06/2010 14.14      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\GLB6A.tmp --------- 71680 
 11/06/2010 13.52      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\ApplicazioniSogei.cfg --------- 335 
 11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jusched.log --------- 1539 
 11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\JAUReg.log --------- 294 
 11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AUCHECK_PARSER.txt --------- 222 
 11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install.log --------- 27146 
 11/06/2010 13.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install_sp.log --------- 2024 
 11/06/2010 13.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\791169.mst --------- 5079552 
 11/06/2010 13.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jinstall.cfg --------- 1217 
 11/06/2010 13.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\lax2B.tmp --------- 4962 
 11/06/2010 13.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\I1276256220 --------- 0 
 11/06/2010 13.32      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\lax2A.tmp --------- 4962 
 11/06/2010 13.32      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\I1276255954 --------- 0 
 11/06/2010 12.57      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5208T1L1_install_log.txt --------- 14387 
 11/06/2010 12.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5663T1L1_install_log.txt --------- 15357 
 11/06/2010 03.36      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5208T1L2_install_log.txt --------- 14387 
 11/06/2010 02.57      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5736T1L1_install_log.txt --------- 29057 
 11/06/2010 02.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5064T1L2_install_log.txt --------- 14152 
 11/06/2010 02.16      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\wrd17504b4.~lk --------- 0 
 10/06/2010 16.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\netfxupdate.log --------- 6453 
 17/03/2010 12.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\_iu14D2N.tmp --------- 674822 
 21/02/2010 12.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylers.model.xml --------- 95613 
 17/02/2010 11.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\uninstbb.exe --------- 473832 
 23/01/2010 20.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\langs.model.xml --------- 91251 
 09/07/2009 01.08      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\config.model.xml --------- 4820 
 24/05/2009 12.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylesLexerModel.xml --------- 244 
 24/05/2009 11.40      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\xmlUpdater.exe --------- 118784 
 25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\langsModel.xml --------- 191 
 25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylesGlobalModel.xml --------- 192 
 25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\configModel.xml --------- 193 
 25/04/2009 01.38      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylers_remove.xml --------- 821 
 26/07/2002 17.02      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\GLB1A2B.EXE --------- 153088 
----------------------------------------

 
C:\Programmi

 19/08/2010 20.22     C:\Programmi\Malwarebytes' Anti-Malware --------- 0 
 18/08/2010 13.06     C:\Programmi\trend micro --------- 0 
 18/08/2010 09.32     C:\Programmi\CCleaner --------- 0 
 18/08/2010 09.20     C:\Programmi\DFM2HTML --------- 0 
 16/08/2010 16.18     C:\Programmi\Lavasoft --------- 0 
 11/08/2010 23.45     C:\Programmi\Internet Explorer --------- 0 
 11/08/2010 23.42     C:\Programmi\Movie Maker --------- 0 
 06/08/2010 10.23     C:\Programmi\PeerBlock --------- 0 
 05/07/2010 09.00     C:\Programmi\Microsoft Silverlight --------- 0 
 03/07/2010 13.28     C:\Programmi\Notepad++ --------- 0 
 03/07/2010 08.04     C:\Programmi\phase5 --------- 0 
 02/07/2010 12.38     C:\Programmi\Bradbury --------- 0 
 25/06/2010 17.08     C:\Programmi\Xaldon --------- 0 
 25/06/2010 16.32     C:\Programmi\WinHTTrack --------- 0 
 22/06/2010 21.38     C:\Programmi\My Book --------- 0 
 22/06/2010 21.38     C:\Programmi\InstallShield Installation Information --------- 0 
 05/06/2010 15.19     C:\Programmi\A.F.5 Rename your files 1.1 --------- 0 
 13/06/2010 17.16     C:\Programmi\File comuni --------- 0 
 11/06/2010 14.22     C:\Programmi\PDF Creator --------- 0 
 11/06/2010 14.14     C:\Programmi\Conduit --------- 0 
 11/06/2010 13.47     C:\Programmi\Zero G Registry --------- 0 
 11/06/2010 13.45     C:\Programmi\Java --------- 0 
 09/06/2010 17.27     C:\Programmi\Adobe --------- 0 
 27/05/2010 07.08     C:\Programmi\QuickTime --------- 0 
 27/05/2010 07.07     C:\Programmi\Apple Software Update --------- 0 
 13/05/2010 00.42     C:\Programmi\Outlook Express --------- 0 
 06/05/2010 14.58     C:\Programmi\7-Zip --------- 0 
 18/02/2010 20.29     C:\Programmi\MSBuild --------- 0 
 18/02/2010 20.29     C:\Programmi\Reference Assemblies --------- 0 
 31/01/2010 22.18     C:\Programmi\DivX --------- 0 
 18/12/2009 16.49     C:\Programmi\Real --------- 0 
 18/12/2009 14.34     C:\Programmi\Messenger --------- 0 
 18/12/2009 12.32     C:\Programmi\NetMeeting --------- 0 
 18/12/2009 12.32     C:\Programmi\Windows Media Player --------- 0 
 18/12/2009 12.32     C:\Programmi\Windows NT --------- 0 
 18/12/2009 12.03     C:\Programmi\Microsoft Works --------- 0 
 18/12/2009 12.03     C:\Programmi\Microsoft Visual Studio --------- 0 
 18/12/2009 03.25     C:\Programmi\Microsoft Office --------- 0 
 18/12/2009 00.51     C:\Programmi\xerox --------- 0 
 18/12/2009 00.51     C:\Programmi\Toshiba Connect --------- 0 
 18/12/2009 00.50     C:\Programmi\Servizi in linea --------- 0 
 18/12/2009 00.49     C:\Programmi\Realtek --------- 0 
 18/12/2009 00.49     C:\Programmi\MSN Gaming Zone --------- 0 
 18/12/2009 00.49     C:\Programmi\Microsoft.NET --------- 0 
 18/12/2009 00.49     C:\Programmi\microsoft frontpage --------- 0 
 18/12/2009 00.49     C:\Programmi\ltmoh --------- 0 
 18/12/2009 00.22     C:\Programmi\MSXML 4.0 --------- 0 
 18/12/2009 00.17     C:\Programmi\AVG --------- 0 
 17/12/2009 23.32     C:\Programmi\Intel --------- 0 
 17/12/2009 23.29     C:\Programmi\InterVideo --------- 0 
 31/03/2006 16.51     C:\Programmi\Toshiba --------- 0 
 31/03/2006 16.50     C:\Programmi\Synaptics --------- 0 
 31/03/2006 16.50     C:\Programmi\Sonic --------- 0 
 31/03/2006 16.47     C:\Programmi\ATI Technologies --------- 0 
 17/01/2006 10.55     C:\Programmi\Uninstall Information --------- 0 
 17/01/2006 10.31     C:\Programmi\WindowsUpdate --------- 0 
----------------------------------------

 
C:\Documents and Settings\All Users\.. 

MeinName
All Users    
LocalService    
NetworkService    
Default User    
----------------------------------------

 
C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost

----------------------------------------

 

Abbildname                  PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ===== ================ ========== ===============
System Idle Process           0 Console                   0            16 K
System                        4 Console                   0       103.000 K
smss.exe                    588 Console                   0           400 K
csrss.exe                   652 Console                   0         4.144 K
winlogon.exe                684 Console                   0         3.076 K
services.exe                728 Console                   0         3.516 K
lsass.exe                   740 Console                   0         6.784 K
ati2evxx.exe                920 Console                   0         2.456 K
svchost.exe                 936 Console                   0         4.864 K
svchost.exe                1016 Console                   0         4.480 K
svchost.exe                1060 Console                   0        21.908 K
EvtEng.exe                 1116 Console                   0         7.496 K
S24EvMon.exe               1144 Console                   0         5.712 K
svchost.exe                1216 Console                   0         3.592 K
svchost.exe                1316 Console                   0         3.840 K
avgchsvx.exe               1380 Console                   0        20.700 K
avgrsx.exe                 1392 Console                   0           680 K
avgcsrvx.exe               1680 Console                   0         8.464 K
brsvc01a.exe               2008 Console                   0         1.292 K
brss01a.exe                2044 Console                   0         2.044 K
spoolsv.exe                 128 Console                   0         5.932 K
ati2evxx.exe                144 Console                   0         3.308 K
svchost.exe                 448 Console                   0         3.804 K
explorer.exe                468 Console                   0        32.768 K
avgwdsvc.exe                528 Console                   0         2.496 K
CFSvcs.exe                  648 Console                   0           716 K
MDM.EXE                    1476 Console                   0         3.284 K
RegSrvc.exe                1616 Console                   0         3.000 K
RTHDCPL.exe                1648 Console                   0        17.704 K
svchost.exe                 184 Console                   0         4.264 K
agrsmmsg.exe                208 Console                   0         2.552 K
TPSMain.exe                 288 Console                   0         4.176 K
TAPPSRV.exe                 292 Console                   0         1.672 K
wdfmgr.exe                  968 Console                   0         1.788 K
iFrmewrk.exe               1260 Console                   0        12.048 K
avgtray.exe                1544 Console                   0         2.488 K
avgemc.exe                 1356 Console                   0           732 K
avgnsx.exe                 1612 Console                   0           240 K
ctfmon.exe                 1624 Console                   0         3.304 K
avgcsrvx.exe               2292 Console                   0         4.268 K
TPSBattM.exe               2300 Console                   0         2.556 K
alg.exe                    3500 Console                   0         3.544 K
Dot1XCfg.exe               2972 Console                   0         7.968 K
cmd.exe                    3824 Console                   0         2.544 K
tasklist.exe               2080 Console                   0         4.532 K
wmiprvse.exe                580 Console                   0         5.792 K

 
***** Ende des Scans 19/08/2010 um 22.17.57,59 ***

6. CCleaner Log

Code:

7-Zip 4.65		
A.F.5 Rename your files 1.1	Alex Fauland	1.1.0.0
Ad-Aware	Lavasoft	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.1.82.76
Adobe Photoshop 5.5	Adobe Systems, Inc.	5.5
Adobe Reader 9.3.3 - Italiano	Adobe Systems Incorporated\0	9.3.3
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	11.5.6.606
Apple Application Support	Apple Inc.	1.2.1
Apple Software Update	Apple Inc.	2.1.1.116
ATI - Programma di disinstallazione		6.14.10.1014
ATI Catalyst Control Center		1.2.2180.38582
ATI Display Driver		8.204-051220a1-029876C-Toshiba
AVG Free 9.0	AVG Technologies	
Bluetooth Stack for Windows by Toshiba		v4.00.23(T)
CCleaner	Piriform	2.34
DFM2HTML v4.3		
DFM2HTML v4.4		
DirectX10 RC2 Pre Fix 3		
DivX Codec	DivX, Inc.	6.9.1
DivX Converter	DivX, Inc.	7.1.0
DivX Player	DivX, Inc.	7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	
DivX Plus Web Player	DivX,Inc.	2.0.0
High Definition Audio Driver Package - KB888111	Microsoft Corporation	20040219.000000
Intel(R) PRO Network Connections Drivers		
InterVideo WinDVD Creator 2	InterVideo Inc.	2.0.14.376
InterVideo WinDVD for TOSHIBA	InterVideo Inc.	5.0-B11.533
Java(TM) 6 Update 20	Sun Microsystems, Inc.	6.0.200
Macromedia Flash Player	Macromedia, Inc.	7.0.19.0
Malwarebytes' Anti-Malware	Malwarebytes Corporation	
Manuali TOSHIBA	TOSHIBA	7.05
Microsoft .NET Framework 1.1		
Microsoft .NET Framework 1.1 Italian Language Pack	Microsoft	1.1.4322
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA	Microsoft Corporation	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA	Microsoft Corporation	3.2.30729
Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)	Microsoft Corporation	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	
Microsoft Office OneNote 2003	Microsoft Corporation	11.0.6360.0
Microsoft Office Professional Edition 2003	Microsoft Corporation	11.0.5614.0
Microsoft Silverlight	Microsoft Corporation	4.0.50524.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	9.0.30729
Modulo sicuro SD	TOSHIBA Corporation	1.0.3
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	4.20.9876.0
Notepad++		5.6.8
PeerBlock 1.0+ (r404)	PeerBlock, LLC	1.0.0.404
Phase 5 HTML-Editor	Systemberatung Schommer	5.6.2.3
QuickTime	Apple Inc.	7.66.71.0
RealPlayer	RealNetworks	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	2.02
Risparmio energetico TOSHIBA		7.03.07.I
Silenziatore unità CD/DVD	TOSHIBA	1.00.008
Software Intel(R) PROSet/Wireless	Intel Corporation	10.01.0000
Sonic DLA	Sonic Solutions	5.2.0
Sonic RecordNow!	Sonic Solutions	7.31
Suono virtuale TOSHIBA		
Synaptics Pointing Device Driver	Synaptics	8.2.9.0
Texas Instruments PCIxx21/x515/xx12 drivers.	Texas Instruments Inc.	1.16.0000
TopStyle Lite (Version 3.0)	Bradbury Software, LLC	3.1.0
TOSHIBA Assist		
TOSHIBA ConfigFree		5.90.05
Toshiba Connect		
TOSHIBA Controls		
TOSHIBA Hotkey Utility		1.00.01ST
TOSHIBA SD Memory Card Format		
TOSHIBA Software Modem		2.1.62 (SM2162ALD04)
TOSHIBA TouchPad ON/Off Utility		1.00.01ST
TOSHIBA Utilities		1.00.07ST
TOSHIBA Zooming Utility		
Utilità di diagnostica del PC TOSHIBA		
WD Backup	ArcSoft	
WD Firewire HID Driver	Nome società	1.04.0001
Windows Internet Explorer 8	Microsoft Corporation	20090308.140743
Windows XP Service Pack 3	Microsoft Corporation	20080413.144514
WinHTTrack Website Copier 3.43-9C	HTTrack	3.43.9
Xaldon WebSpider 2

Danke für Alles!

[kira]

1. Habe Lavasoft und AVG-Dienst über Services.msc deaktiviert

AVG ist dein AV-programm..warum hast Du ihn deaktiviert?
Ad-Aware v. Lavasoft würde ich komplett vom System deinstallieren (vorher schauen, ob in der Quarantäne befindet sich noch etwas?)

Systemprüfung und Reinigung:

► Ab jetzt sofort gilt, bis zum Ende der Reinigung>:

Hast Du externe Festplatte, USB-Sticks und/oder andere externe Speichermedien? Bitte immer (über die ganze Reinigungszeit!!) anschließen,damit gescannt werden kann.- alle Wechseldatenträger und immer bei gedrückter Shift-Taste am USB-Anschluss des Rechners einstecken! - So verhindest Du die Ausführung der AUTORUN-Funktion -> Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

1.

**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - (Inhalt markieren und löschen)
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.

• klick auf START -> ausführen (schreib rein): cleanmgr -> ok.[/b]Vergewissere dich, dass die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) geleert werden.
  Klicke ok.
• gehe auf START -> ausführen (schreib rein): %temp% -> ok.[/b]
  Ordnerinhalt markieren dann löschen - Du leerst damit den/die Ordner C:\DOKUME~1\Dein Name\LOKALE~1\Temp\
• Mach das für jedes Benutzerkonto.
• Danach soll auch der Papierkorb geleert werden

2.
Öffne CCleaner - Anleitung CCleaner

• "Cleaner"->"Analysieren"->Klick auf den Button "Start CCleaner"
• "Registry""Fehler suchen"-> "Fehler beheben"->"Alle beheben"
• Starte dein System neu auf

3.
Grundreinigung mit SUPERAntiSpyware

• Bitte lade Dir SUPERAntiSpyware FREE Edition herunter.
• Das Programm ist geeignet für: Windows 98, 98SE, ME, 2000, 2003, XP und Vista.
• Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
• Eine bebilderte Anleitung findest Du hier.
• Schließe alle Anwendungen inkl. Browser.
• Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
• Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
• Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
• Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
• Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
• Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
• Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
• Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
• Bitte kopiere diesen Bericht hier in den Thread.

4.
♦ Also schließe jetzt weiterhin alle externe Datenträger an Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung
♦ Prüfe Deinen Rechner jetzt, auf Viren, Trojaner, Würmer und anderen Schadcode, mit dem kostenlosen Online Virenscanner von Kaspersky - ohne Säuberung, also Virenfunde können nicht entfernt werden, das machen wir dann andersrum!

• User v. Vista und WIN7: Rechtsklick auf das Browser-Icon -> "als Administrator ausführen" wählen
• muss den Internet Explorer von Microsoft verwendet werden
• setze die Sicherheitseinstellungen im IE - Anleitung/paules-pc-forum - im IE zurück auf "Mittel" ► IE-> Extras-> Internetoptionen-> Sicherheit-> Internet-> Stufe...
• erlaube ActiveX-Komponente "► Download von signierten ActiveX-Steuerelementen zulassen " - Dies ist notwendig, damit auf deine Festplatte zugegriffen werden kann
• während der Scans andere Schutzprogramme (Antivirus und Spyware Programme), Skriptblocking usw abstellen! ►Am Ende des Scans nicht vergessen sofort erneut aktivieren!
• klicke auf diesen Link um ► Kaspersky Online Scanner zu starten -> Diese Anleitung am besten vorher ansehen: ► Bebilderte Anleitung
• dann auf Accept, um die Installation fortzusetzen
• nach dem automatischen Download der neuen Virendefinitionen beendet, wähle "My Computer" aus
• wenn der Scanvorgang beendet ist, um die Ergebnisse zu speichern: klicke auf "View Scan Report" -> "Save as"
• speicher dies auf Deinen Desktop ► wähle "Datei Speichern unter..."► "Dateityp: Textdateien (*.txt)"
• vergiss nicht, die Sicherheitseinstellungen im IE nach dem Scan wieder hochzustellen! ► Anleitung
• abhängig von der Größe deines Betriebssystems (dh die Menge der Dateien, etc.), die Scan-Zeit variieren
• anschließend bitte das Ergebnis in Deinem Thread hier posten!

[idila]

Zitat von idila: 1. Habe Lavasoft und AVG-Dienst über Services.msc deaktiviert
Zitat von argos: AVG ist dein AV-programm..warum hast Du ihn deaktiviert?

Ach, da war mir noch was von gestern im Kopf, als ich gelesen hatte, alle abzustellen. Sorry.

Zitat von argos: Ad-Aware v. Lavasoft würde ich komplett vom System deinstallieren (vorher schauen, ob in der Quarantäne befindet sich noch etwas?)

Ad-Aware deinstalliert und vorher Quarantäne kontrolliert (war leer).

Zitat von argos: Hast Du externe Festplatte, USB-Sticks und/oder andere externe Speichermedien? Bitte immer anschließen, damit gescannt werden kann.

Beim SuperAntiSpy habe ich meinen externen Harddisc MyBook angeschlossen (meine Backups), allerdings war Autorun nicht durch Shift-Taste zu stoppen, oder vielleicht doch, da ich nicht weiß, was hier Autorun ist: das Menü, das aufgeht und wo ich aussuchen kann, was ich machen will (brennen, öffnen, kopieren ...)? Wenn das der Autorun ist, dann ging das Menüaufgehen nicht stoppen, allerdings habe ich das Menüfenster einfach geschlossen, ohne eine Operation auszuführen, ist er damit auch gestoppt? Ich habe jedenfalls Shift gedrückt gehalten. Der Harddisc F: ist gescannt worden, habe es gesehen, da erscheinen auch verdächtige Objekte aus F: im Log.
Meine USB habe ich alle gestern formattiert.


Zu den neuen Logs
1. cleanmgr durchgeführt und alles bereinigt.
%temp% eingegeben + C:\DOKUME~1\Mein Name\LOKALE~1\Temp\ gelöscht.

2. CCleaner Register durchgeführt und alle obsolete gelöscht und Papierkorb geleert.

3. SUPERAntiSpyware laufen lassen, alles andere war geschlossen.

Code:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2010 at 04:46 PM

Application Version : 4.41.1000

Core Rules Database Version : 5347
Trace Rules Database Version: 3198

Scan type       : Complete Scan
Total Scan Time : 01:19:25

Memory items scanned      : 465
Memory threats detected   : 0
Registry items scanned    : 6856
Registry threats detected : 0
File items scanned        : 44998
File threats detected     : 17

Adware.Tracking Cookie
	ia.media-imdb.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
	media.mtvnservices.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
	s0.2mdn.net [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
	secure-us.imrworldwide.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
	140.memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	73.memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	cdn1.eyewonder.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	cdn4.specificclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	googleads.g.doubleclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	imagesrv.adition.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	m.uk.2mdn.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	media.mtvnservices.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	media.scanscout.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	media01.kyte.tv [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	objects.tremormedia.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
	udn.specificclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]

4. Kaspersky Log

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Saturday, August 21, 2010
 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Friday, August 20, 2010 13:39:15
 Records in database: 4129936
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	C:\
	D:\
	E:\
	F:\

Scan statistics:
	Objects scanned: 186328
	Threats found: 3
	Infected objects found: 8
	Suspicious objects found: 0
	Scan duration: 04:18:31


File name / Threat / Threats count
C:\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip	
Infected: Trojan-Spy.Win32.KeyLogger.hfa	1

C:\Programmi\Toshiba Connect\InstID.exe	
Infected: not-a-virus:Dialer.Win32.InterDialer.a	1

C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045400.exe	
Infected: Backdoor.Win32.Bifrose.cpkl	1

C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045483.exe	
Infected: not-a-virus:Dialer.Win32.InterDialer.a	1

F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet.exe	
Infected: Trojan-Spy.Win32.KeyLogger.hfa	1

F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet exe\Reflet.exe	
Infected: Trojan-Spy.Win32.KeyLogger.hfa	1

F:\20-03-2010\Documenti\Reflet\Reflet-de.zip	
Infected: Trojan-Spy.Win32.KeyLogger.hfa	1

F:\22-06-2010\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip	
Infected: Trojan-Spy.Win32.KeyLogger.hfa	1

Selected area has been scanned.

Ich habe einige dicke Ordner in C:/Windows, ich frage mich, ob es stimmt:
1) dass die versteckten Ordner in C:/Windows, die mit "$Nt" beginnen (Beispiel: $NtUninstallKB873333$), alle mit blauer Schrift, Kopien von Updates zum eventuellen Deinstallieren von schief gegangene Updates sind und daher gelöscht werden können?
2) dass die Ordner C:/Windows "IE8" (versteckter Ordner) und "IE8 Updates" ebenfalls gelöscht werden können?
3) das alles im "C:\WINDOWS\SoftwareDistribution" gelöscht werden kann - soweit es denn geht?
4) das System Volume Information geleert werden kann, meiner hat 9 Gb, kann ich am Ende des Reinigungsprozesses alle löschen?


Wegen der Frage zum C:/Recycler S-1-5-21-2767231553-2537787753-3555782994-1006 meines letzten Postings, das hat sich gelöst, der scheint nur virusverdächtig zu sein, wenn in diesem Recycler ein weiterer Recycler oder Ordner mit solch einem Namen drinnen ist, und das ist nicht der Fall.

Wieder mal Dank für die viele Hilfe!

[idila]

Hallo Argos,
kann ich die infizierten Sachen weglöschen? Viele wiederholen sich auf dem Laufwerk F: (externer Harddisc) da ich da meine Backups habe.

Habe mir die Listen der verdächtigen Objekte angeguckt, wenn ich die Objekte lösche (scheinen löschbar zu sein), bin ich dann Backdoor, Tracking Cookies und KeyLogger los? Arbeitet ein KeyLogger immer oder nur wenn das jeweilige Programm benutzt wird?

Danke für deine so wertvolle Hilfe!

[kira]

Arbeitet ein KeyLogger immer oder nur wenn das jeweilige Programm benutzt wird?

Hier kannst Du alles wichtige dazu nachlesen::-> http://de.wikipedia.org/wiki/Keylogger
1.
Schließe jetzt alle externe Datenträgeran Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

2.
Malware-Scan mit a-squared Free

Ohne Hintergrundwächter durchsucht a-squared Free den Computer auf Befall von Trojanern, Spyware, Adware, Würmern, Keyloggern, Rootkits, Dialern und anderen schädlichen Programmen.

Lade a-squared Free von Emsisoft herunter und installiere das Programm. Nach der Installation die Signaturen updaten und den Rechner komplett scannen lassen. Am Ende des Scans alle Funde löschen lassen und über den Button "Bericht speichern" das Logfile auf Desktop speichern und hier in den Thread posten.

[idila]

Hier kannst Du alles wichtige dazu nachlesen::-> http://de.wikipedia.org/wiki/Keylogger

Das hatte ich gelesen, aber mir ist nicht klar, ob die immer arbeiten oder nur, wenn das Programm, wo sie drin stecken, arbeitet. Arbeiten sie immer?


Emsisoft Log

Code:

Emsisoft Anti-Malware - Versione 5.0
Ultimo aggiornamento: 26/08/2010 19.34.56

Impostazioni scansione:

Tipo scansione: N/A
Oggetti: Memoria, Tracce, Cookies, C:\, F:\
Archivio scansioni: Off
Euristica: Off
Scansione ADS: On

Scansione avviata:	26/08/2010 19.35.05

C:\Programmi\Toshiba Connect\InstID.exe 	
rilevati: Riskware.Dialer.Win32.InterDialer!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\Xor2 Freischaltung\xor2.exe 	
rilevati: Backdoor.Win32.Cmjspy!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2.exe 	
rilevati: Backdoor.Win32.Cmjspy!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\DeaM.exe 	
rilevati: Trojan-Dropper.Delf!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet\Reflet.exe 	
rilevati: Trojan-Spy.Win32.KeyLogger!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet exe\Reflet.exe 	
rilevati: Trojan-Spy.Win32.KeyLogger!IK

Scansionati

File: 	190345
Tracce: 	724564
Cookies: 	0
Processi: 	45

Rilevato

File: 	6
Tracce: 	0
Cookies: 	0
Processi: 	0
Chiavi di Registro: 	0

Fine scansione:	26/08/2010 22.34.18
Tempo scansione:	2:59:13

F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet\Reflet.exe
	In quarantena Trojan-Spy.Win32.KeyLogger!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet exe\Reflet.exe	
In quarantena Trojan-Spy.Win32.KeyLogger!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\DeaM.exe	
In quarantena Trojan-Dropper.Delf!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2 Freischaltung\xor2.exe	
In quarantena Backdoor.Win32.Cmjspy!IK
F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2.exe	
In quarantena Backdoor.Win32.Cmjspy!IK
C:\Programmi\Toshiba Connect\InstID.exe	
In quarantena Riskware.Dialer.Win32.InterDialer!IK

In quarantena

File: 	6
Tracce: 	0
Cookies: 	0

Ich habe dann alle aus der Quarantäne gelöscht. Übrigens, das a-squared Free ist in Emsisoft integriert worden, man muß also nun Emsisoft Malware downladen (das kriegt man aber erst gesagt, wenn man die 82 Mb a-squared downgeladen und installiert hat, etwas doof, aber dafür free und großartig).

Ich vergleiche nun die Logs und lösche alles wo was steckt, vor allem die mit dem Keylogger, das wird nun Zeit.
Müßte ich noch etwas machen?
Und kann ich die Ordnerinhalte System Volume, Software Dist und Ie8 löschen, wie im vorherigen Post beschrieben? Das hatte ich gelesen, aber weiß nicht, ob das auch stimmt.

Vielen Dank für deine Zeit!

[kira]

Das hatte ich gelesen, aber mir ist nicht klar, ob die immer arbeiten oder nur, wenn das Programm, wo sie drin stecken, arbeitet. Arbeiten sie immer?

das Programm ist ein selbständiges Animations-Progamm (zur erstellung von Wasserbildern)?
Keylogger arbeitet ja ständig und unauffällig

Übrigens, das a-squared Free ist in Emsisoft integriert worden, man muß also nun Emsisoft Malware downladen (das kriegt man aber erst gesagt, wenn man die 82 Mb a-squared downgeladen und installiert hat, etwas doof, aber dafür free und großartig).

ja, habe mir auch gleich ausprobiert, werd ich darauf in Zukunft verzichten

Und kann ich die Ordnerinhalte System Volume, Software Dist und Ie8 löschen, wie im vorherigen Post beschrieben? Das hatte ich gelesen, aber weiß nicht, ob das auch stimmt.

Tipps dazu hier:-> hier:-> http://www.wintotal.de/tipparchiv/?TID=931

[idila]

Zitat von argod: Das Programm ist ein selbständiges Animations-Progamm (zur Erstellung von Wasserbildern)?

Exakt, Reflet hatte grad mal 560 kb, wird nicht installiert, also läuft alleine, und hat super Effekte gemacht und war natürlich Freeware. Es wird (oder wurde vor 3 Jahren jedenfalls) überall angepriesen, auch auf niveauvollen Designerseiten.

Keylogger arbeitet ja ständig und unauffällig.

... ok.

Zitat von idila: a-squared Free ist in Emsisoft integriert worden.
Zitat von argos: werd ich darauf in Zukunft verzichten

Oder gleich den Link zu Emsisoft Anti-Malware angeben (von den Mb ist es ja fast dasselbe, nämlich 85 Mb): hier, für Windows, man hat 3 Tage Probezeit. Das Emsisoft Anti Malware gibt es auch als Kid (106 Mb) (für den USBstick), hier für Windows.


Danke für den Link "Löschen System Volume...", alles gelöscht, schwuppdiwupp ...

Argos, vielen Dank für die Hilfe!!! Wie kann ich das gut machen? Kann Italienisch und Photoshop sehr gut, falls du mal eine Übersetzung oder eine Bildbearbeitung brauchst, schreib mich an

Schönes Wochenende
Gruß idila