
Topic: Malware, viruses, trojans?

  1. #1
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Malware, viruses, trojans?

    Hello, and thank you for being here!
    Over the last few days I have been going through my laptop; startup was taking too long, but otherwise everything had actually been working PERFECTLY. Two days ago I worked through my startup menu and removed the unimportant entries (with the help of BleepingComputer.com -> Startup Programs Database), and everything continued to work PERFECTLY afterwards. Apart from that, I have the Windows Firewall and AVG active, I also use Ad-Aware from Lavasoft and now and then CCleaner for the registry, and I have a Telecom router for wireless, but you can see all that in the individual logs.

    Yesterday, while I was on Facebook and someone started chatting with me, an Ad-Aware alert from Ad-Watch Live came up saying that qttask (Apple QuickTime) wanted to change something in the registry; I had removed qttask.exe from the startup menu, so it might be related to that, no idea. But before I could decide whether I wanted to "block or allow this process", the alert had already disappeared again. At the same moment everything froze, nothing worked any more, the hourglass kept spinning, and I had to terminate Explorer twice; I haven't seen anything like that in years. Googled today: there are qttask trojans. Hence my request: could someone check whether malware is at work here?

    I have now run Hijack, Gmer, RSIT and Defogger and am posting the logs.

    P.S. I could not switch off Ad-Aware (free version) or AVG; I googled a lot about how to do it, but it seems they can only be stopped by uninstalling them, so AVG and Ad-Aware were active for all of the logs; the Windows Firewall was the only thing I could turn off.

    P.S. After I had downloaded all the log tools and also run them, my computer started acting up. I had to shut it down manually and restart it twice; is that normal?

    Here are the logs now; thanks for any help and for your attention!


    GMER
    HTML code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-08-18 11:51:15
    Windows 5.1.2600 Service Pack 3
    Running: w4gik6cp.exe; Driver: C:\DOCUME~1\AH~1\IMPOST~1\Temp\pxtdipob.sys
    
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \Driver\Tcpip \Device\Ip                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\Tcpip \Device\Tcp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\Tcpip \Device\Tcp                Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice  \Driver\Tcpip \Device\Udp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\Tcpip \Device\Udp                Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice  \Driver\Tcpip \Device\RawIp              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\Tcpip \Device\RawIp              Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    
    ---- EOF - GMER 1.0.15 ----

    Defogger
    HTML code:
    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 10:18 on 18/08/2010 (AH)
    
    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.
    
    Checking for services/drivers...
    
    -=E.O.F=-

    Rsit
    HTML code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by MeinName at 2010-08-18 13:06:01
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 61 GB (64%) free of 95 GB
    Total RAM: 2046 MB (69% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13.06.04, on 18/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    C:\Programmi\AVG\AVG9\avgchsvx.exe
    C:\Programmi\AVG\AVG9\avgrsx.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AVG\AVG9\avgwdsvc.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\AVG\AVG9\avgemc.exe
    C:\Programmi\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\MeinName\Desktop\RSIT.exe
    C:\Programmi\trend micro\MeinName.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    
    --
    End of file - 6424 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-18 329312]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Programmi\AVG\AVG9\avgssie.dll [2010-07-21 1619296]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Programmi\Java\jre6\bin\jp2ssv.dll [2010-06-11 41760]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-10 15691264]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
    "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-08-04 266240]
    "QuickTime Task"=C:\Programmi\QuickTime\qttask.exe [2010-03-17 421888]
    "IntelWireless"=C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
    "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-16 2065760]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BRAVIS-{DC0F6114-52CD-420E-BAEB-ECC5BFB0B110}]
    C:\Programmi\BRAVIS\Galaxee 4free\bravis.exe --autostart []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
    CFSServ.exe -NoClient []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
    C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Programmi\Messenger\msmsgs.exe [2008-04-14 1695232]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Programmi\QuickTime\qttask.exe [2010-03-17 421888]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
    C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-05-12 118784]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe [2005-12-17 761945]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TDispVol]
    C:\WINDOWS\system32\TDispVol.exe [2005-09-16 73728]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]
    TFncKy.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
    C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe [2009-12-18 198160]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
    C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe [2005-04-12 65536]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tvs]
    C:\Programmi\TOSHIBA\Tvs\TvsTray.exe [2005-11-30 73728]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
    C:\WINDOWS\system32\WDBtnMgr.exe [2010-06-22 364544]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MeinName^Menu Avvio^Programmi^Esecuzione automatica^Microsoft Office OneNote 2003 Quick Launch.lnk]
    C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE [2004-06-17 59080]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.exe.lnk]
    C:\PROGRA~1\FILECO~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-04-29 114688]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^WD Backup Monitor.lnk]
    C:\PROGRA~1\MYBOOK~1\WDBACK~1\UBBMON~1.EXE [2006-09-07 98304]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2005-12-21 48128]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2010-07-16 12536]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=1
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programmi\AVG\AVG9\avgemc.exe"="C:\Programmi\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Programmi\AVG\AVG9\avgupd.exe"="C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Programmi\AVG\AVG9\avgnsx.exe"="C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programmi\Internet Explorer\iexplore.exe"="C:\Programmi\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Documents and Settings\MeinName\Desktop\PDF_Creator_Setup.exe"="C:\Documents and Settings\MeinName\Desktop\PDF_Creator_Setup.exe:*:Enabled:PDF Creator"
    "C:\Programmi\Messenger\msmsgs.exe"="C:\Programmi\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    
    ======List of files/folders created in the last 1 months======
    
    2010-08-18 11:39:48 ----D---- C:\Documents and Settings\MeinName\Dati applicazioni\AVG9
    2010-08-18 10:59:08 ----A---- C:\WINDOWS\system32\tasklist.exe
    2010-08-18 09:17:46 ----D---- C:\rsit
    2010-08-18 09:17:46 ----D---- C:\Programmi\trend micro
    2010-08-16 16:36:30 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2010-08-16 16:22:15 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
    2010-08-16 16:22:13 ----A---- C:\WINDOWS\system32\drivers\SBREDrv.sys
    2010-08-16 16:18:53 ----HDC---- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-16 16:18:22 ----D---- C:\Programmi\Lavasoft
    2010-08-16 16:18:22 ----D---- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
    
    ======List of files/folders modified in the last 1 months======
    
    2010-08-18 12:45:49 ----D---- C:\WINDOWS\Prefetch
    2010-08-18 12:24:36 ----D---- C:\WINDOWS\network diagnostic
    2010-08-18 12:01:24 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-08-18 12:00:10 ----D---- C:\WINDOWS\Temp
    2010-08-18 11:59:02 ----D---- C:\WINDOWS\system32\Lang
    2010-08-18 11:53:52 ----RASH---- C:\boot.ini
    2010-08-18 11:53:52 ----A---- C:\WINDOWS\win.ini
    2010-08-18 11:53:43 ----A---- C:\WINDOWS\system.ini
    2010-08-18 11:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
    2010-08-18 10:59:08 ----D---- C:\WINDOWS\system32
    2010-08-18 09:32:09 ----D---- C:\Programmi\CCleaner
    2010-08-18 09:29:08 ----RD---- C:\Programmi
    2010-08-18 09:28:34 ----D---- C:\WINDOWS\system32\drivers\Avg
    2010-08-18 09:20:21 ----D---- C:\Programmi\DFM2HTML
    2010-08-18 09:07:38 ----D---- C:\ce49501e2164987ae4f3820e0ca53d
    2010-08-16 16:24:04 ----D---- C:\WINDOWS
    2010-08-16 16:22:20 ----D---- C:\WINDOWS\system32\drivers
    2010-08-16 16:22:19 ----HD---- C:\WINDOWS\inf
    2010-08-16 16:22:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2010-08-16 16:18:53 ----SHD---- C:\WINDOWS\Installer
    2010-08-16 16:18:16 ----D---- C:\WINDOWS\WinSxS
    2010-08-16 12:45:43 ----D---- C:\Documents and Settings\MeinName\Dati applicazioni\Adobe
    2010-08-14 00:55:26 ----AD---- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
    2010-08-12 08:53:46 ----RSD---- C:\WINDOWS\assembly
    2010-08-12 08:50:37 ----D---- C:\WINDOWS\Microsoft.NET
    2010-08-11 23:50:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-08-11 23:50:21 ----HD---- C:\WINDOWS\$hf_mig$
    2010-08-11 23:49:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-08-11 23:45:37 ----D---- C:\Programmi\Internet Explorer
    2010-08-11 23:42:58 ----D---- C:\WINDOWS\Debug
    2010-08-11 23:42:41 ----D---- C:\Programmi\Movie Maker
    2010-08-11 17:53:57 ----D---- C:\VALUEADD
    2010-08-06 10:23:10 ----D---- C:\Programmi\PeerBlock
    2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe
    2010-07-27 08:29:44 ----A---- C:\WINDOWS\system32\shell32.dll
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-09-12 89264]
    R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
    R0 ohci1394;Controller host Texas Instruments IEEE 1394 compatibile OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
    R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-11-14 43528]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-07-16 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
    R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-07-16 243024]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 intelppm;Driver processore Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-12-17 21275]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
    R2 s24trans;Trasporto WLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
    R3 Arp1394;Protocollo client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-12-21 1419264]
    R3 HDAudBus;Driver bus UAA Microsoft per High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Driver di classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-10 4123136]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 mouhid;Driver di mouse HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-30 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-17 191936]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
    R3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
    R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
    R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
    R3 usbuhci;Driver Miniport Controller Universal Host USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
    S3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-11 163328]
    S3 hexmagic;hexmagic; \??\C:\WINDOWS\system32\drivers\hexmagic.sys []
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Programmi\Lavasoft\Ad-Aware\KernExplorer.sys []
    S3 pbfilter;pbfilter; \??\C:\Programmi\PeerBlock\pbfilter.sys []
    S3 usbccgp;Driver principale generico USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbprint;Classe stampanti USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 USBSTOR;Driver archiviazione di massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-12-21 405504]
    R2 avg9emc;AVG Free E-mail Scanner; C:\Programmi\AVG\AVG9\avgemc.exe [2010-07-21 921952]
    R2 avg9wd;AVG Free WatchDog; C:\Programmi\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
    R2 CFSvcs;ConfigFree Service; C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-18 40960]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programmi\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe [2010-08-16 1355416]
    R2 MDM;Machine Debug Manager; C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
    R2 TAPPSRV;TOSHIBA Application Service; C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    S3 aspnet_state;Servizio stato di ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 ose;Office Source Engine; C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S4 NetTcpPortSharing;Servizio di condivisione porte Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    
    -----------------EOF-----------------

    Hijack
    HTML code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11.13.01, on 18/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\AVG\AVG9\avgchsvx.exe
    C:\Programmi\AVG\AVG9\avgrsx.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\Programmi\AVG\AVG9\avgwdsvc.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\AVG\AVG9\avgemc.exe
    C:\Programmi\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\AH\Desktop\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    
    --
    End of file - 6123 bytes
    Last edited by idila (18.08.2010 at 13:22)
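
The HijackThis log above is line-oriented: each entry starts with a section code (R0, O2, O4, O23, ...) naming the registry area or autostart mechanism it was read from. The following Python code is an added example, not part of the original thread or of HijackThis; it parses a few lines copied from that log and extracts what a helper reviews first: autostart commands, CLSIDs and entries marked "(file missing)". The section descriptions and the names `parse_log` and `triage` are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Section codes that occur in the log above, with their usual meaning
# (descriptions are this example's own wording).
SECTIONS: Dict[str, str] = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "Extra protocol handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing annotations HijackThis appends to an entry.
ANNOTATION_RE = re.compile(r"\s*\((?:file missing|User '[^']*')\)\s*$")
# O4 registry autoruns look like:  HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')

# Lines copied from the log above; the first one is a running-process line
# and must be skipped by the parser.
SAMPLE = r"""C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
"""


@dataclass
class Entry:
    code: str
    section: str
    detail: str
    clsid: Optional[str] = None
    autorun_name: Optional[str] = None
    command: Optional[str] = None
    file_missing: bool = False


def parse_log(text: str) -> List[Entry]:
    """Turn the coded lines of a HijackThis log into Entry records."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list, blank line, footer
        code, detail = m.groups()
        entry = Entry(code, SECTIONS.get(code, "unknown section"), detail)
        # HijackThis could not find the referenced file on disk.
        entry.file_missing = detail.endswith("(file missing)")
        clsid = CLSID_RE.search(detail)
        entry.clsid = clsid.group(0) if clsid else None
        if code == "O4":
            run = RUN_RE.match(ANNOTATION_RE.sub("", detail))
            if run:  # Startup-folder entries use another layout and stay unparsed
                entry.autorun_name = run.group("name")
                entry.command = run.group("cmd")
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> dict:
    """Summarise the entries a reviewer looks at first."""
    autoruns = [e for e in entries if e.autorun_name is not None]
    return {
        "by_section": Counter(e.code for e in entries),
        "file_missing": [e.detail for e in entries if e.file_missing],
        "autoruns": [(e.autorun_name, e.command) for e in autoruns],
        # No absolute path: Windows locates the file through its search path,
        # so confirm which file on disk is actually started.
        "unqualified_autoruns": [
            e.autorun_name for e in autoruns if not ABS_PATH_RE.match(e.command)
        ],
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE))
    for code, count in sorted(report["by_section"].items()):
        print(f"{code:4} {count:2}  {SECTIONS.get(code, 'unknown section')}")
    print("file missing:", report["file_missing"])
    print("autoruns without full path:", report["unqualified_autoruns"])
```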

  2. #2
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29,772

    Re: Malware, Viruses, Trojans?

    Welcome to our HijackThis support board!

    **Before you start part 1 of the task: CLICK HERE AND READ CAREFULLY!**
    Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it.
    YOU FOLLOW THESE INSTRUCTIONS AT YOUR OWN RESPONSIBILITY!
    Please read the instructions through calmly first, and keep to the given order! Otherwise our work slows down, because we keep having to look up small details again and may lose the overview as a result...

    Quote from idila:
    P.S. After I had downloaded all the log tools and run them, my computer started acting up. I had to shut it down manually and restart it twice; is that normal?
    ► Has your PC still been "on strike" since that incident, or has nothing like that happened again?
    In the first part of the 3-part procedure, we will examine your system for viruses and use a special removal program right away:

    1.
    Stop the service:
    Start -> Run -> "Services.msc" (type it in without the "") -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

    Code:
    Lavasoft Ad-Aware Service - Lavasoft
    2.
    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:
    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it with a double-click.
    • Let it update online (Updates tab) if the program was already on the computer.
    • Select "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show results".
    • For detections in C:\System Volume Information, remove the check mark.
      Otherwise this system restore point will no longer work.
      It could still be needed despite the malware.
    • Make sure that all other detections are checked and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • You can find the report later under "Scan reports".
    • Report how the computer is running now.
    You can find detailed, illustrated instructions here

    3.
    First please make the following settings: Make system files and folders visible under XP, Vista and Win7
    You can undo this at the end of our work!

    4.
    Post again:
    ► Trend Micro HijackThis log file - no open windows while HijackThis is running!!

    5.
    "Create a file list with HJTscanlist.bat"
    Download HJTscanlist.zip (item 6) (click the given link ► find item 6 ► follow the instructions), then post the resulting log file here.

    6.
    • Download CCleaner
    • Read the software license agreement; if it is offered, deselect "Add CCleaner Yahoo! Toolbar" -> start -> if necessary, set "german" under Options settings.
    • Start -> click `Extras` (to display the software installed on your system) -> then click `Als Textdatei speichern...`
    • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)


    Please post all results in code tags!

    Before your log file (text result) you write: [code]
    your log file goes here
    and after it: [/code]
    Regards
    argos
    Last edited by kira (18.08.2010 at 15:16)
    Warning!:
    Beware of invoices by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
    Please pass this warning on wherever you can!

  3. #3
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Re: Malware, Viruses, Trojans?

    Hello Argos, thank you very much for your reply and your effort!

    Quote from idila: P.S. After I had downloaded all the log tools and run them, my computer started acting up. I had to shut it down manually and restart it twice; is that normal?
    Quote from argos: Has your PC still been "on strike" since that incident, or has nothing like that happened again?
    It has not happened again. However, something new and strange: I suddenly could no longer access my documents folder; supposedly I had no rights to it. Nothing like that has ever happened to me in my 10 years of "computer life". There was no apparent reason: I had changed nothing, I have no password on it either, I had been able to open it for hours beforehand without problems, and I am the only user. I restarted the computer and it has worked again since then. It happened today between about 19:00 and 19:30, in case the cause has left traces in the logs.


    Before I post my logs, one thing that I noticed and that no antivirus program detects, but which is apparently not right: in C: there is a Recycler S-1-5-21-2767231553-2537787753-3555782994-1006 (hidden folder). I had already removed it once in a complicated way, and now it is back. What is that?


    Now the logs
    1. Disabled the Lavasoft and AVG services via Services.msc

    2. Installed the free version of Malwarebytes Anti-Malware and updated it

    3. Made all folders visible and ran a full Anti-Malware scan
    Everything that was found relates to the program Funshion, which however is not in startup, has been on the computer for months, was never seen unexpectedly in the task manager and has never caused problems. I have now uninstalled it anyway, since it is bad for the eyes anyway (free streaming of bad cinema film copies, lol). I have still left the log in (even though the program is now gone) as documentation

    Mbam Log
    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 4449
    
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    
    19/08/2010 21.23.34
    mbam-log-2010-08-19 (21-23-34).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
    Durchsuchte Objekte: 212570
    Laufzeit: 51 Minute(n), 55 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 3
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 25
    Infizierte Dateien: 225
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Funshion Task (Adware.Funshion) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    C:\Programmi\Funshion Online (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\XPSP2Patch (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\Baiduflash (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\Baiduflash\subflash (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\cacheflash (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flash (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\historyTorrent (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\media (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\media\???? (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\media\??2:?? (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\media\????:???(100604) (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\media\?????2;????? (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.20Beta (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.26Beta (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17 (Adware.Funshion) -> Quarantined and deleted successfully.
    
    Infizierte Dateien:
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17\FunshionInstall2.2.0.17.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\Uninstall.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\cook.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\CrashReport.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\dbghelp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\drvc.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\Encrypt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\Funshion-install.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\Funshion.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\FunshionGame.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\FunshionHelp.url (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\FunshionImg.jpg (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\funshionplugin2.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\FunshionService.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\GetMACAddress.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\LangResEnAmerican.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\pncrt.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\pndx5032.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\quality.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\rmoc3260.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\RouterSetting.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\UpdateHistory.url (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\upnp.dll (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp-150.xml (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp-m150.xml (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1272313990_17239948_1270101347_412.fsp_120.xml (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1273682961_5881262_1225700835_926.dat (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1273682961_5881262_1225700835_926.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1279731555_18524595_1275640255_420.dat (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1279731555_18524595_1275640255_420.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1280960929_18524595_1279965054_874.dat (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\1280960929_18524595_1279965054_874.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\control\task.xml (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\Buffering.gif (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionMaxBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionMenuBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionMenuBtnEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionMinBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionNormalBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionText.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\CaptionTextEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\DiskWarnning.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\DragCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBack.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBackEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarForward.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarForwardEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarHomePage.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarHomePageEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarRefresh.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\IeToolBarRefreshEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ListHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ListHeaderSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameBtm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcFrameTop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcLeftBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcLeftTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcRightBtmCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\MainNcRightTopCorner.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PauseAdCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarBkgndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBarVolumeBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayBufferInfoWndRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnFullView.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnMute.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnNext.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnNormal.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPause.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPlayList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnPre.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnSetting.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarBtnVolume.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarLeftBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarRightBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerHideBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerHideBtnRgn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayerTipCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBkgndSel.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBtmBar.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoCurPlay.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoHeaderBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayInfoTitleBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayListAddBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlayListRemove.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarBefore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarThumb.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\PlaySplidBarTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\RpcLoading.gif (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\RpcStartDlgBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarDownArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarUpArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarUpArrowRound.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetHead.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetMid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollBarVerWidgetTrail.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollLinkBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\ScrollLinkFrm.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\SettingDlgIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\SplidBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\SplidBarMark.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\StatusBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\StatusBarLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\StatusBarRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\StatusBarSplid.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnMenu.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnOpenLcl.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskBarBtnShowPlayer.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskBarTipDownArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\taskdown.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskListRightLine.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskListStatIcons.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskListStatSelIcon.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskManagerCloseBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskManagerCloseTxtBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarBk.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarItem.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarList.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarLScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnBarRScrollBtn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleLeft.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskMgnTitleRight.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\taskpause.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\taskplaying.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\taskstop.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskTabBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarBkgnd.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDelete.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDeleteEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDownload.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarDownloadEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarRestore.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarRestoreEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarStop.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TaskToolBarStopEn.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\taskupload.ico (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\Thumbs.db (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TipBottomArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TipRightArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\skin\TipTopArrow.bmp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\XPSP2Patch\evid4226-vc80-mt.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Programmi\Funshion Online\Funshion\XPSP2Patch\funshion_clone.exe (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Funshion Use Help.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Pop Game Corpora.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Uninstall Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Programmi\Funshion\Update History.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\flash-1.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\fsdxdiag.txt (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\fstracert.txt (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\HEIDI_info.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\install.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\Baiduflash\fxPlayer2.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\cacheflash\blankFs.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\cacheflash\donghua1_16.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\cacheflash\donghua3_18.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flash\FunshionAD20100531.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\1A6A79C9_401B_4D3F_1E12_4C2F44EA50FA.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\343DE780_A288_7674_21B4_CA7ADACCEE96.date1280280863.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\407B3952_02DA_2101_F819_A651092761A1.date1279731509.flv (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\40931B43_81A1_D499_AF89_8AED9251DE70.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\4CC725D7_D18A_9A7D_BD74_6F878AB969AC.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\6E071D52_BC76_6FF7_A82F_B7AA1F01ADAE.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\709FBADE_B26D_2071_BB94_8D416B2C5970.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\82D50BCA_9096_4F4A_26E0_FC9AB756D27A.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\8E90BA4F_EF1A_1394_D188_5AC9539241F7.date1280960845.flv (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\8FE04BD9_45E3_4347_A7C7_414C80DF8090.date1280280863.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\9695251C_846F_628E_F7B2_9913BE1C982F.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\A7DB56A1_E58A_F981_4612_D6775C804558.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\C2FBD6D4_9F59_D093_65AE_40AFB5671734.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\CCE75FFB_60CD_90E2_D0E3_4B9575DB1BD8.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\D798C866_02F1_DDE6_5A4B_9D3FAF70698D.date1279731509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\F41403A3_8404_5F64_3305_498C42FDE261.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\F8C3BF31_E83A_5D7D_125F_D3691B53670F.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\FBAE76D4_31BC_AFCA_F06C_6482D9F2E033.date1280960845.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\FC5968D3_1013_C1A8_124D_334671C13F46.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\FDF2C77B_1FE8_AE3C_D6E1_07FF8B370FFC.date1279731509.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\cache\flashNew\FF5EC401_520C_9DB0_D41B_34B97126B002.date1280093759.swf (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\historyTorrent\FunshionInstall2.2.0.17.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\historyTorrent\????.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Funshion\historyTorrent\????:???(100604).fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\ini\httpfile.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\ini\temp_config.ini (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\media\Install Latest Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\media\Start Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\12771583_1236583319_439.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\16727680_1268982953_259.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\17239948_1263966079_988.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\17239948_1265089519_564.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\18524595_1275640255_420.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\2111662_1203386651_304.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\Seed\5372255_1205130912_73.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\AdLinkParamFile.fax (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\ad_define.fai (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\ad_material.fax (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\flashParam.txt (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.20Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.26Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.1.0.27Beta.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\FunshionInstall2.2.0.17.fsp (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\funshion\update\localad.fax (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\MeinName\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Avvio\Funshion.lnk (Adware.Funshion) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\funshion.ini (Adware.Funshion) -> Quarantined and deleted successfully.

    4. HijackThis Log
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21.27.58, on 19/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\AVG\AVG9\avgchsvx.exe
    C:\Programmi\AVG\AVG9\avgrsx.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\AVG\AVG9\avgwdsvc.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Programmi\AVG\AVG9\avgemc.exe
    C:\Programmi\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\MeinName\Desktop\Hijack Forum\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmi\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    
    --
    End of file - 6348 bytes

    5. HJTscanlist.bat Log
    Code:
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows XP [Versione 5.1.2600]
     
     
    C:
    
      19/08/2010 21.23      C:\Programmi --------- 0 
      19/08/2010 19.53      C:\boot.ini --------- 211 
            C:\hiberfil.sys ---------  
            C:\pagefile.sys ---------  
      19/08/2010 19.49      C:\aaw7boot.log --------- 2497 
      18/08/2010 09.17      C:\rsit --------- 0 
      18/08/2010 09.07      C:\ce49501e2164987ae4f3820e0ca53d --------- 0 
      16/08/2010 16.24      C:\WINDOWS --------- 0 
      11/08/2010 17.53      C:\VALUEADD --------- 0 
      22/06/2010 22.32      C:\System Volume Information --------- 0 
      22/06/2010 21.39      C:\ArcDeviceInfo --------- 20 
      18/02/2010 20.28      C:\147aee25a41481d81704b59357 --------- 0 
      22/12/2009 20.22      C:\$AVG --------- 0 
      22/12/2009 12.47      C:\KPCMS --------- 0 
      18/12/2009 12.29      C:\ntldr --------- 251600 
      18/12/2009 00.44      C:\MSOCache --------- 0 
      18/12/2009 00.44      C:\I386 --------- 0 
      17/12/2009 23.35      C:\RECYCLER --------- 0 
      17/12/2009 23.28      C:\Documents and Settings --------- 0 
      17/12/2009 23.26      C:\TOOLSCD --------- 0 
      31/03/2006 16.51      C:\SUPPORT --------- 0 
      17/01/2006 10.33      C:\IO.SYS --------- 0 
      17/01/2006 10.33      C:\AUTOEXEC.BAT --------- 0 
      17/01/2006 10.33      C:\CONFIG.SYS --------- 0 
      17/01/2006 10.33      C:\MSDOS.SYS --------- 0 
      19/08/2004 13.00      C:\NTDETECT.COM --------- 47564 
      19/08/2004 13.00      C:\Bootfont.bin --------- 4952 
    ----------------------------------------
    
     
    C:\WINDOWS
    
      19/08/2010 22.08     C:\WINDOWS\wiadebug.log --------- 254 
      19/08/2010 21.23     C:\WINDOWS\WindowsUpdate.log --------- 1464561 
      19/08/2010 19.53     C:\WINDOWS\win.ini --------- 573 
      19/08/2010 19.53     C:\WINDOWS\system.ini --------- 227 
      19/08/2010 19.49     C:\WINDOWS\0.log --------- 0 
      19/08/2010 19.49     C:\WINDOWS\wiaservc.log --------- 50 
      19/08/2010 19.49     C:\WINDOWS\bootstat.dat --------- 2048 
      19/08/2010 19.48     C:\WINDOWS\SchedLgU.Txt --------- 32578 
      18/08/2010 12.24     C:\WINDOWS\setupapi.log --------- 17438 
      11/08/2010 23.50     C:\WINDOWS\iis6.log --------- 9889 
      11/08/2010 23.50     C:\WINDOWS\ocmsn.log --------- 3860 
      11/08/2010 23.50     C:\WINDOWS\tsoc.log --------- 23590 
      11/08/2010 23.50     C:\WINDOWS\imsins.log --------- 1374 
      11/08/2010 23.50     C:\WINDOWS\comsetup.log --------- 20787 
      11/08/2010 23.50     C:\WINDOWS\ntdtcsetup.log --------- 12632 
      11/08/2010 23.50     C:\WINDOWS\KB982214.log --------- 12333 
      11/08/2010 23.50     C:\WINDOWS\ocgen.log --------- 29560 
      11/08/2010 23.50     C:\WINDOWS\msgsocm.log --------- 3090 
      11/08/2010 23.50     C:\WINDOWS\FaxSetup.log --------- 61827 
      11/08/2010 23.50     C:\WINDOWS\imsins.BAK --------- 1374 
      11/08/2010 23.50     C:\WINDOWS\KB2115168.log --------- 16723 
      11/08/2010 23.50     C:\WINDOWS\KB981852.log --------- 14047 
      11/08/2010 23.49     C:\WINDOWS\KB2079403.log --------- 17123 
      11/08/2010 23.49     C:\WINDOWS\updspapi.log --------- 3938 
      11/08/2010 23.45     C:\WINDOWS\KB2183461-IE8.log --------- 15066 
      11/08/2010 23.45     C:\WINDOWS\KB2160329.log --------- 13215 
      11/08/2010 23.45     C:\WINDOWS\KB980436.log --------- 12564 
      11/08/2010 23.42     C:\WINDOWS\KB981997.log --------- 6779 
      11/08/2010 23.42     C:\WINDOWS\KB982665.log --------- 11107 
      03/08/2010 15.21     C:\WINDOWS\KB2286198.log --------- 8897 
      03/08/2010 15.21     C:\WINDOWS\setupact.log --------- 0 
      03/08/2010 15.21     C:\WINDOWS\setuperr.log --------- 0 
      25/06/2010 17.08     C:\WINDOWS\PROTOCOL.INI --------- 0 
      18/02/2010 20.43     C:\WINDOWS\BRWMARK.INI --------- 456 
      11/02/2010 03.16     C:\WINDOWS\setupapi.log.0.old --------- 1025358 
      06/01/2010 13.07     C:\WINDOWS\d3dx.dat --------- 4096 
      22/12/2009 19.58     C:\WINDOWS\BRPP2KA.INI --------- 27 
      22/12/2009 12.48     C:\WINDOWS\KPCMS.INI --------- 173 
      18/12/2009 14.35     C:\WINDOWS\WMSysPr9.prx --------- 316640 
      18/12/2009 12.05     C:\WINDOWS\ODBC.INI --------- 424 
      14/04/2008 04.14     C:\WINDOWS\winhlp32.exe --------- 286720 
      14/04/2008 04.14     C:\WINDOWS\slrundll.exe --------- 32866 
      14/04/2008 04.14     C:\WINDOWS\regedit.exe --------- 151552 
      14/04/2008 04.14     C:\WINDOWS\notepad.exe --------- 70144 
      14/04/2008 04.14     C:\WINDOWS\hh.exe --------- 10752 
      14/04/2008 04.14     C:\WINDOWS\explorer.exe --------- 1036288 
      14/04/2008 04.13     C:\WINDOWS\twain_32.dll --------- 50688 
      28/12/2006 21.01     C:\WINDOWS\002502_.tmp --------- 19569 
      31/03/2006 18.08     C:\WINDOWS\EOLAS.tag --------- 14 
      19/01/2006 11.11     C:\WINDOWS\REGLOCS.OLD --------- 8192 
      17/01/2006 16.06     C:\WINDOWS\smscfg.ini --------- 61 
      17/01/2006 15.09     C:\WINDOWS\wininit.ini --------- 320 
      17/01/2006 14.49     C:\WINDOWS\NDSTray.INI --------- 0 
      17/01/2006 11.28     C:\WINDOWS\Sti_Trace.log --------- 0 
      17/01/2006 10.39     C:\WINDOWS\orun32.isu --------- 202033 
      17/01/2006 10.39     C:\WINDOWS\orun32.ini --------- 825 
      17/01/2006 10.33     C:\WINDOWS\control.ini --------- 0 
      17/01/2006 10.32     C:\WINDOWS\ODBCINST.INI --------- 4161 
      17/01/2006 10.31     C:\WINDOWS\WindowsShell.Manifest --------- 749 
      17/01/2006 10.30     C:\WINDOWS\vbaddin.ini --------- 37 
      17/01/2006 10.30     C:\WINDOWS\vb.ini --------- 36 
      10/12/2005 00.49     C:\WINDOWS\RTHDCPL.exe --------- 15691264 
      09/12/2005 01.42     C:\WINDOWS\MicCal.exe --------- 2142208 
      03/11/2005 00.56     C:\WINDOWS\RTLCPL.exe --------- 9710592 
      27/10/2005 16.17     C:\WINDOWS\TWallEx43_169.exe --------- 237568 
      21/10/2005 22.49     C:\WINDOWS\RtlUpd.exe --------- 356352 
      15/10/2005 15.29     C:\WINDOWS\agrsmmsg.exe --------- 88203 
      11/10/2005 22.33     C:\WINDOWS\alcwzrd.exe --------- 2807808 
      06/10/2005 06.20     C:\WINDOWS\DLA.EXE --------- 94263 
      21/09/2005 19.24     C:\WINDOWS\SoundMan.exe --------- 86016 
      11/05/2005 17.00     C:\WINDOWS\TBTdetect.exe --------- 245760 
      04/05/2005 03.43     C:\WINDOWS\Alcmtr.exe --------- 69632 
      03/05/2005 13.10     C:\WINDOWS\agrsmdel.exe --------- 68096 
      17/04/2005 07.20     C:\WINDOWS\RtlExUpd.dll --------- 487424 
      14/02/2005 09.54     C:\WINDOWS\TVersion.xml --------- 173 
      20/12/2004 15.39     C:\WINDOWS\TBTdetect.ini --------- 466 
      08/12/2004 17.04     C:\WINDOWS\cfdemo.scr --------- 45056 
      19/08/2004 13.00     C:\WINDOWS\clock.avi --------- 82944 
      19/08/2004 13.00     C:\WINDOWS\TASKMAN.EXE --------- 15360 
      19/08/2004 13.00     C:\WINDOWS\msdfmap.ini --------- 1405 
      19/08/2004 13.00     C:\WINDOWS\desktop.ini --------- 2 
      19/08/2004 13.00     C:\WINDOWS\explorer.scf --------- 80 
      19/08/2004 13.00     C:\WINDOWS\vmmreg32.dll --------- 18944 
      19/08/2004 13.00     C:\WINDOWS\twain.dll --------- 94816 
      19/08/2004 13.00     C:\WINDOWS\twunk_16.exe --------- 49680 
      19/08/2004 13.00     C:\WINDOWS\twunk_32.exe --------- 25600 
      19/08/2004 13.00     C:\WINDOWS\winhelp.exe --------- 256859 
      19/08/2004 13.00     C:\WINDOWS\wmprfITA.prx --------- 36800 
      19/08/2004 13.00     C:\WINDOWS\_default.pif --------- 707 
      09/10/2003 18.55     C:\WINDOWS\cfdemo.exe --------- 20966970 
      07/11/2002 12.35     C:\WINDOWS\MakeMrk.exe --------- 159744 
      03/09/2002 13.02     C:\WINDOWS\unlite3.exe --------- 72192 
      18/06/1999 22.13     C:\WINDOWS\sprof32.dll --------- 133120 
      26/05/1999 10.46     C:\WINDOWS\pfpick.dll --------- 58368 
      26/05/1999 10.46     C:\WINDOWS\kpsys32.dll --------- 37376 
      26/05/1999 10.46     C:\WINDOWS\kpcp32.dll --------- 196608 
      26/05/1999 10.46     C:\WINDOWS\icccodes.dll --------- 20992 
      26/05/1999 10.46     C:\WINDOWS\iccsigs.dat --------- 40129 
      23/03/1999 08.12     C:\WINDOWS\unin0407.exe --------- 304128 
      13/11/1998 13.07     C:\WINDOWS\IsUn0410.exe --------- 307712 
    ----------------------------------------
    
     
    C:\WINDOWS\System
    
     14/04/2008 04.14    C:\WINDOWS\System\winspool.drv --------- 146944 
     19/08/2004 13.00    C:\WINDOWS\System\AVIFILE.DLL --------- 109520 
     19/08/2004 13.00    C:\WINDOWS\System\COMMDLG.DLL --------- 33632 
     19/08/2004 13.00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
     19/08/2004 13.00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
     19/08/2004 13.00    C:\WINDOWS\System\MCIAVI.DRV --------- 73664 
     19/08/2004 13.00    C:\WINDOWS\System\MCISEQ.DRV --------- 25296 
     19/08/2004 13.00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
     19/08/2004 13.00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 69664 
     19/08/2004 13.00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
     19/08/2004 13.00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
     19/08/2004 13.00    C:\WINDOWS\System\AVICAP.DLL --------- 70320 
     19/08/2004 13.00    C:\WINDOWS\System\OLECLI.DLL --------- 83456 
     19/08/2004 13.00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
     19/08/2004 13.00    C:\WINDOWS\System\setup.inf --------- 59167 
     19/08/2004 13.00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
     19/08/2004 13.00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
     19/08/2004 13.00    C:\WINDOWS\System\stdole.tlb --------- 5532 
     19/08/2004 13.00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
     19/08/2004 13.00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
     19/08/2004 13.00    C:\WINDOWS\System\TIMER.DRV --------- 4080 
     19/08/2004 13.00    C:\WINDOWS\System\VER.DLL --------- 9171 
     19/08/2004 13.00    C:\WINDOWS\System\VGA.DRV --------- 2176 
     19/08/2004 13.00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
     19/08/2004 13.00    C:\WINDOWS\System\MSVIDEO.DLL --------- 127168 
    ----------------------------------------
    
     
    C:\WINDOWS\System32
    
     19/08/2010 21.24     C:\WINDOWS\system32\drivers --------- 0 
     19/08/2010 19.50     C:\WINDOWS\system32\Lang --------- 0 
     19/08/2010 18.53     C:\WINDOWS\system32\CatRoot2 --------- 0 
     16/08/2010 16.22     C:\WINDOWS\system32\DRVSTORE --------- 0 
     12/08/2010 08.27     C:\WINDOWS\system32\FNTCACHE.DAT --------- 245512 
     11/08/2010 23.50     C:\WINDOWS\system32\dllcache --------- 0 
     11/08/2010 23.49     C:\WINDOWS\system32\perfc010.dat --------- 84354 
     11/08/2010 23.49     C:\WINDOWS\system32\perfh010.dat --------- 489648 
     11/08/2010 23.49     C:\WINDOWS\system32\perfh009.dat --------- 441458 
     11/08/2010 23.49     C:\WINDOWS\system32\perfc009.dat --------- 71394 
     11/08/2010 23.49     C:\WINDOWS\system32\PerfStringBackup.INI --------- 1056408 
     03/08/2010 20.09     C:\WINDOWS\system32\MRT.exe --------- 35962312 
     27/07/2010 08.29     C:\WINDOWS\system32\shell32.dll --------- 8491520 
     25/07/2010 19.19     C:\WINDOWS\system32\wpa.dbl --------- 1158 
     16/07/2010 11.44     C:\WINDOWS\system32\avgrsstx.dll --------- 12536 
     12/07/2010 10.55     C:\WINDOWS\system32\lsdelete.exe --------- 15880 
     30/06/2010 14.31     C:\WINDOWS\system32\schannel.dll --------- 149504 
     24/06/2010 17.52     C:\WINDOWS\system32\ieframe.dll --------- 11077120 
     24/06/2010 14.22     C:\WINDOWS\system32\occache.dll --------- 206848 
     24/06/2010 14.22     C:\WINDOWS\system32\urlmon.dll --------- 1210368 
     24/06/2010 14.22     C:\WINDOWS\system32\mstime.dll --------- 611840 
     24/06/2010 14.22     C:\WINDOWS\system32\wininet.dll --------- 916480 
     24/06/2010 14.22     C:\WINDOWS\system32\mshtml.dll --------- 5951488 
     24/06/2010 14.22     C:\WINDOWS\system32\jsproxy.dll --------- 25600 
     24/06/2010 14.22     C:\WINDOWS\system32\msfeedsbs.dll --------- 55296 
     24/06/2010 14.22     C:\WINDOWS\system32\inetcpl.cpl --------- 1469440 
     24/06/2010 14.22     C:\WINDOWS\system32\msfeeds.dll --------- 599040 
     24/06/2010 14.22     C:\WINDOWS\system32\iertutil.dll --------- 1986560 
     24/06/2010 14.22     C:\WINDOWS\system32\iepeers.dll --------- 184320 
     24/06/2010 14.22     C:\WINDOWS\system32\iedkcs32.dll --------- 387584 
     24/06/2010 11.02     C:\WINDOWS\system32\win32k.sys --------- 1851904 
     23/06/2010 14.08     C:\WINDOWS\system32\ie4uinit.exe --------- 173056 
     22/06/2010 21.37     C:\WINDOWS\system32\WDBtnMgr.exe --------- 364544 
     17/06/2010 16.03     C:\WINDOWS\system32\iccvid.dll --------- 80384 
     15/06/2010 18.16     C:\WINDOWS\system32\l3codecx.ax --------- 143422 
     14/06/2010 09.41     C:\WINDOWS\system32\msxml3.dll --------- 1172480 
     13/06/2010 17.16     C:\WINDOWS\system32\unins000.dat --------- 2928 
     13/06/2010 17.15     C:\WINDOWS\system32\unins000.exe --------- 716153 
     11/06/2010 13.45     C:\WINDOWS\system32\javaws.exe --------- 153376 
     11/06/2010 13.45     C:\WINDOWS\system32\javaw.exe --------- 145184 
     11/06/2010 13.45     C:\WINDOWS\system32\javacpl.cpl --------- 73728 
     11/06/2010 13.45     C:\WINDOWS\system32\java.exe --------- 145184 
     11/06/2010 13.45     C:\WINDOWS\system32\deployJava1.dll --------- 411368 
     26/05/2010 02.47     C:\WINDOWS\system32\TZLog.log --------- 12140 
     28/04/2010 07.41     C:\WINDOWS\system32\ntkrnlpa.exe --------- 2028032 
     28/04/2010 07.41     C:\WINDOWS\system32\ntoskrnl.exe --------- 2149888 
     21/04/2010 15.28     C:\WINDOWS\system32\tzchange.exe --------- 46080 
     20/04/2010 07.30     C:\WINDOWS\system32\atmfd.dll --------- 285696 
     03/04/2010 03.33     C:\WINDOWS\system32\WMVCore.dll --------- 2365288 
     31/03/2010 00.16     C:\WINDOWS\system32\PresentationHostProxy.dll --------- 99176 
     31/03/2010 00.10     C:\WINDOWS\system32\PresentationHost.exe --------- 295264 
     17/03/2010 21.53     C:\WINDOWS\system32\QuickTimeVR.qtx --------- 94208 
     17/03/2010 21.53     C:\WINDOWS\system32\QuickTime.qts --------- 69632 
     10/03/2010 08.15     C:\WINDOWS\system32\vbscript.dll --------- 420352 
     05/03/2010 16.38     C:\WINDOWS\system32\asycfilt.dll --------- 65536 
     22/02/2010 23.49     C:\WINDOWS\system32\Adobe --------- 0 
     19/02/2010 06.14     C:\WINDOWS\system32\CatRoot --------- 0 
     18/02/2010 20.32     C:\WINDOWS\system32\it-IT --------- 0 
     18/02/2010 20.29     C:\WINDOWS\system32\XPSViewer --------- 0 
     18/02/2010 20.29     C:\WINDOWS\system32\en-US --------- 0 
     18/02/2010 20.28     C:\WINDOWS\system32\spool --------- 0 
     12/02/2010 12.03     C:\WINDOWS\system32\browserchoice.exe --------- 293376 
     12/02/2010 06.33     C:\WINDOWS\system32\6to4svc.dll --------- 100864 
     05/02/2010 20.25     C:\WINDOWS\system32\quartz.dll --------- 1296896 
     29/01/2010 16.59     C:\WINDOWS\system32\inetcomm.dll --------- 691712 
     29/01/2010 16.43     C:\WINDOWS\system32\l3codeca.acm --------- 307260 
     13/01/2010 16.00     C:\WINDOWS\system32\cabview.dll --------- 86528 
     24/12/2009 08.59     C:\WINDOWS\system32\wintrust.dll --------- 177664 
     22/12/2009 14.33     C:\WINDOWS\system32\brss01a.ini --------- 30 
     22/12/2009 14.33     C:\WINDOWS\system32\brsvc01a.bsi --------- 184 
     18/12/2009 16.49     C:\WINDOWS\system32\rmoc3260.dll --------- 185920 
     18/12/2009 16.49     C:\WINDOWS\system32\pndx5032.dll --------- 5632 
     18/12/2009 16.49     C:\WINDOWS\system32\pndx5016.dll --------- 6656 
     18/12/2009 16.49     C:\WINDOWS\system32\msvcr71.dll --------- 348160 
     18/12/2009 16.49     C:\WINDOWS\system32\msvcp71.dll --------- 499712 
     18/12/2009 16.49     C:\WINDOWS\system32\pncrt.dll --------- 278528 
     18/12/2009 14.34     C:\WINDOWS\system32\spupdwxp.log --------- 90 
     18/12/2009 14.34     C:\WINDOWS\system32\Setup --------- 0 
     18/12/2009 14.34     C:\WINDOWS\system32\wbem --------- 0 
     18/12/2009 12.36     C:\WINDOWS\system32\usmt --------- 0 
     18/12/2009 12.36     C:\WINDOWS\system32\it --------- 0 
     18/12/2009 12.36     C:\WINDOWS\system32\bits --------- 0 
     18/12/2009 12.32     C:\WINDOWS\system32\Restore --------- 0 
     18/12/2009 12.32     C:\WINDOWS\system32\npp --------- 0 
     18/12/2009 12.32     C:\WINDOWS\system32\Com --------- 0 
     18/12/2009 12.32     C:\WINDOWS\system32\oobe --------- 0 
     18/12/2009 12.29     C:\WINDOWS\system32\ReinstallBackups --------- 0 
     18/12/2009 01.03     C:\WINDOWS\system32\IME --------- 0 
     17/12/2009 23.49     C:\WINDOWS\system32\LuResult.txt --------- 94 
     17/12/2009 23.47     C:\WINDOWS\system32\PreInstall --------- 0 
     17/12/2009 23.37     C:\WINDOWS\system32\SoftwareDistribution --------- 0 
     17/12/2009 23.32     C:\WINDOWS\system32\results.txt --------- 308 
     17/12/2009 23.27     C:\WINDOWS\system32\$winnt$.inf --------- 520 
     17/12/2009 09.40     C:\WINDOWS\system32\mspaint.exe --------- 346112 
     14/12/2009 09.08     C:\WINDOWS\system32\csrsrv.dll --------- 33280 
     09/12/2009 07.53     C:\WINDOWS\system32\jscript.dll --------- 726528 
     08/12/2009 11.23     C:\WINDOWS\system32\shlwapi.dll --------- 474624 
     27/11/2009 19.12     C:\WINDOWS\system32\msyuv.dll --------- 17920 
     27/11/2009 18.07     C:\WINDOWS\system32\tsbyuv.dll --------- 8704 
     27/11/2009 18.07     C:\WINDOWS\system32\msrle32.dll --------- 11264 
    ----------------------------------------
    
     
    C:\WINDOWS\Prefetch
    
     19/08/2010 22.17     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 12848 
     19/08/2010 22.13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1329FF7E.pf --------- 58254 
     19/08/2010 22.13     C:\WINDOWS\Prefetch\IEXPLORE.EXE-1BA17782.pf --------- 73070 
    ----------------------------------------
    
     
    C:\WINDOWS\Tasks
    
     19/08/2010 19.49     C:\WINDOWS\Tasks\SA.DAT --------- 6 
     19/08/2010 16.22     C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job --------- 492 
     19/08/2004 13.00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
    ----------------------------------------
    
     
    C:\WINDOWS\Temp
    
     19/08/2010 17.40     C:\WINDOWS\Temp\2bbef23b-9eef-445e-b5f1-aaa7286bc111 --------- 0 
     19/08/2010 09.52     C:\WINDOWS\Temp\780db305-ef80-43fc-8682-70f43307040f --------- 0 
     18/08/2010 21.04     C:\WINDOWS\Temp\4a6e170c-ce54-43d3-8e9b-6dfbb3163a16 --------- 0 
     18/08/2010 11.43     C:\WINDOWS\Temp\Perflib_Perfdata_b8c.dat --------- 16384 
     18/08/2010 09.28     C:\WINDOWS\Temp\6bf14fcf-3250-41b0-a402-e826483d7fc9 --------- 0 
     17/08/2010 17.30     C:\WINDOWS\Temp\ec1ea952-6b14-49ec-9201-7edb3ae9eb66 --------- 0 
     17/08/2010 09.05     C:\WINDOWS\Temp\69074cd6-19da-4af3-9dfd-3344e7acbe14 --------- 0 
     16/08/2010 10.46     C:\WINDOWS\Temp\3e8027db-f768-480e-b282-0803a08e2917 --------- 0 
     15/08/2010 17.47     C:\WINDOWS\Temp\4144365d-2393-4923-b089-2daa2839163f --------- 0 
     15/08/2010 00.42     C:\WINDOWS\Temp\e38c6219-3842-44ed-b1b7-e027f9c02a5e --------- 0 
     14/08/2010 09.43     C:\WINDOWS\Temp\c9e06cc0-87db-491e-81f2-fe2c607e24a0 --------- 0 
     13/08/2010 17.18     C:\WINDOWS\Temp\fbff6a36-5561-434b-8d9a-a6d8ee9903f2 --------- 0 
     13/08/2010 09.05     C:\WINDOWS\Temp\fea21b70-6710-49df-983d-0fca34944b93 --------- 0 
     12/08/2010 17.23     C:\WINDOWS\Temp\f6ac678a-57c3-471e-8ffc-e647f7dfeb6d --------- 0 
     12/08/2010 08.52     C:\WINDOWS\Temp\13afa031-46df-4aa5-9efc-76fb7fea3658 --------- 0 
     11/08/2010 23.49     C:\WINDOWS\Temp\ASPNETSetup_00001.log --------- 5158 
     11/08/2010 23.45     C:\WINDOWS\Temp\dd_clwireg.txt --------- 49638 
     11/08/2010 16.52     C:\WINDOWS\Temp\722875ed-5bc5-4a54-a891-98f28224b83f --------- 0 
     10/08/2010 18.50     C:\WINDOWS\Temp\577fe4ca-c6fa-4410-b2bd-fa9aa3fc0271 --------- 0 
     10/08/2010 12.08     C:\WINDOWS\Temp\5332ce00-4bf7-46e1-9978-b4a8c6a9bc04 --------- 0 
     09/08/2010 18.03     C:\WINDOWS\Temp\ceafa07e-7f9a-436b-9ae9-972c3b961c36 --------- 0 
     09/08/2010 11.41     C:\WINDOWS\Temp\b3cd1ec0-cdbc-4c1f-a1ab-8aea8768c80a --------- 0 
     08/08/2010 10.51     C:\WINDOWS\Temp\ad4864f3-8a29-413e-bf15-b94910853a8f --------- 0 
     08/08/2010 10.50     C:\WINDOWS\Temp\avginfo.id --------- 50 
     07/08/2010 10.47     C:\WINDOWS\Temp\80377ba7-b09e-4641-88de-89f5dd506702 --------- 0 
     06/08/2010 17.04     C:\WINDOWS\Temp\db8ba6c5-43a7-4661-a59b-e632f61ffa56 --------- 0 
     06/08/2010 09.31     C:\WINDOWS\Temp\725797b9-9d49-40e3-bfbf-b5e02a195729 --------- 0 
     05/08/2010 17.20     C:\WINDOWS\Temp\3b11348a-3658-44c6-8bff-8f898bdf4796 --------- 0 
     04/08/2010 23.23     C:\WINDOWS\Temp\11952d2b-5033-48bc-ba61-b35a04d6dc8a --------- 0 
     04/08/2010 08.44     C:\WINDOWS\Temp\dbe361d8-942d-494e-8038-d4a147616224 --------- 0 
     03/08/2010 11.10     C:\WINDOWS\Temp\6654095c-3d7e-4fe5-a402-09c25bad14bd --------- 0 
     02/08/2010 12.32     C:\WINDOWS\Temp\10b7eb03-167c-48cb-8f5e-ce55a9a1d321 --------- 0 
     01/08/2010 18.15     C:\WINDOWS\Temp\45e9bfa7-a4c3-453f-8fa1-16ab02e8e590 --------- 0 
     01/08/2010 00.38     C:\WINDOWS\Temp\768e5e90-44bb-4095-a606-1a73d9c748d8 --------- 0 
     31/07/2010 08.22     C:\WINDOWS\Temp\b5acd59f-23dd-4ecc-8e8a-c0ca5a935c12 --------- 0 
     30/07/2010 09.36     C:\WINDOWS\Temp\051ba804-92f4-4b73-af20-525ffccc9500 --------- 0 
     29/07/2010 18.57     C:\WINDOWS\Temp\8e117e06-f4cb-44b9-b8a4-d74dad7abab2 --------- 0 
     29/07/2010 09.47     C:\WINDOWS\Temp\0e4fec28-ae18-45de-b937-3e91d5066a89 --------- 0 
     28/07/2010 17.46     C:\WINDOWS\Temp\5af0ec31-699f-4268-8b23-864cda80cba8 --------- 0 
     28/07/2010 03.11     C:\WINDOWS\Temp\07f31533-bb2b-40d7-b0e5-f6e61e0981a4 --------- 0 
     27/07/2010 08.24     C:\WINDOWS\Temp\d8631d0a-6796-4554-a7bb-477acbc8f148 --------- 0 
     26/07/2010 19.06     C:\WINDOWS\Temp\c767b33a-8e46-4498-950e-0100ac21038d --------- 0 
     26/07/2010 10.15     C:\WINDOWS\Temp\1a46da85-3f0e-4c33-9a11-967f4c7f8738 --------- 0 
     25/07/2010 19.24     C:\WINDOWS\Temp\f3befdce-627d-4252-8545-ad72db63ae94 --------- 0 
     24/07/2010 11.36     C:\WINDOWS\Temp\d7503a2d-32b6-4ffa-95f4-f48ee0b44bfe --------- 0 
     24/07/2010 01.55     C:\WINDOWS\Temp\3272c8f4-943d-48b4-8a7c-b87b7e8088bc --------- 0 
     23/07/2010 11.43     C:\WINDOWS\Temp\6519c12c-b8dd-4c24-924a-885061265ed3 --------- 0 
     22/07/2010 18.33     C:\WINDOWS\Temp\d636fd25-a4f2-4343-ab79-2a3b0e32dcce --------- 0 
     22/07/2010 09.38     C:\WINDOWS\Temp\eea28b35-bc88-4081-a136-888d3de303dd --------- 0 
     21/07/2010 19.01     C:\WINDOWS\Temp\9291ad7f-4727-4126-9a92-62bef077c0b7 --------- 0 
     21/07/2010 10.01     C:\WINDOWS\Temp\e14c2733-624e-4455-89f5-8783a85e786a --------- 0 
     20/07/2010 13.59     C:\WINDOWS\Temp\f49b44dd-04ab-41bd-8f4d-6650a45e3900 --------- 0 
     19/07/2010 17.12     C:\WINDOWS\Temp\0abd1a51-b2af-4701-8169-2879c847f22b --------- 0 
     19/07/2010 12.44     C:\WINDOWS\Temp\0492e75a-5b39-4d1c-9b29-9387c5a75ba3 --------- 0 
     18/07/2010 19.43     C:\WINDOWS\Temp\ba1cb26e-adc9-4aaa-a426-bc595033a5ab --------- 0 
     18/07/2010 10.37     C:\WINDOWS\Temp\ed6ae8f9-d6ff-45b2-8c02-0481338e52f6 --------- 0 
     17/07/2010 20.13     C:\WINDOWS\Temp\137e4491-bd2a-4446-be8f-a04e95fd7c8b --------- 0 
     17/07/2010 08.07     C:\WINDOWS\Temp\8a319936-0fe6-410d-b1ca-a02f8002c985 --------- 0 
     16/07/2010 11.42     C:\WINDOWS\Temp\8b241dd8-e380-4be6-a33d-ec99941001f4 --------- 0 
     15/07/2010 09.00     C:\WINDOWS\Temp\98f5b423-3d6b-4c4c-a5d1-969b011ecce3 --------- 0 
     14/07/2010 12.02     C:\WINDOWS\Temp\079ff34f-2031-43cb-8e81-e533c7bc3b54 --------- 0 
     13/07/2010 20.39     C:\WINDOWS\Temp\d77cf01c-eea8-4d42-b854-b37295369f31 --------- 0 
     13/07/2010 08.47     C:\WINDOWS\Temp\2652f219-43d3-4a87-b507-f33af021c895 --------- 0 
     12/07/2010 12.03     C:\WINDOWS\Temp\66814669-9b61-4eda-8a90-f25f5005bac9 --------- 0 
     11/07/2010 18.28     C:\WINDOWS\Temp\05ec655c-8551-48c2-a3c4-048e3bc42cda --------- 0 
     11/07/2010 06.23     C:\WINDOWS\Temp\c27c00ce-0569-46af-b61d-e73add0e5b45 --------- 0 
     10/07/2010 01.25     C:\WINDOWS\Temp\0078f30b-9530-47a1-868c-cfb468d7db0a --------- 0 
     09/07/2010 13.02     C:\WINDOWS\Temp\98134c95-1204-4259-adb9-30e9928885e3 --------- 0 
     08/07/2010 12.24     C:\WINDOWS\Temp\e50ef21b-5108-4907-bc7f-3fd6b98961f3 --------- 0 
     07/07/2010 18.12     C:\WINDOWS\Temp\9512e2cd-6d16-4bae-8daa-17b78f8df4c9 --------- 0 
     06/07/2010 23.42     C:\WINDOWS\Temp\cbe1200e-b037-4a46-a4c8-199f0e6859bf --------- 0 
     05/07/2010 18.45     C:\WINDOWS\Temp\7f510b02-9e73-46eb-af1d-922874998074 --------- 0 
     05/07/2010 09.27     C:\WINDOWS\Temp\ed75143d-a209-41bd-8b4b-7ccb2f3ece95 --------- 0 
     04/07/2010 17.02     C:\WINDOWS\Temp\f5191808-df12-4092-bdc6-bb9f1be1d06c --------- 0 
     04/07/2010 09.51     C:\WINDOWS\Temp\6464ae1f-4a04-464a-a136-dd27fd0d1292 --------- 0 
     03/07/2010 18.29     C:\WINDOWS\Temp\71219b7e-120c-4e06-b91f-e16d7da2e6f2 --------- 0 
     03/07/2010 07.55     C:\WINDOWS\Temp\7c64dfc5-41b5-408b-a040-b784b7bd7bc2 --------- 0 
     02/07/2010 10.10     C:\WINDOWS\Temp\d3ab4d55-23fd-4395-b1a5-a211402a3626 --------- 0 
     01/07/2010 18.15     C:\WINDOWS\Temp\7564a895-cf93-434d-b096-a65cb99abbf8 --------- 0 
     01/07/2010 10.41     C:\WINDOWS\Temp\868033e7-53a7-4300-9adb-9acadfe5758d --------- 0 
     30/06/2010 18.29     C:\WINDOWS\Temp\5f24a798-88e3-4201-9cf7-922e42bfc915 --------- 0 
     30/06/2010 08.53     C:\WINDOWS\Temp\8b781fd3-ed71-404e-bf70-814b28533e25 --------- 0 
     29/06/2010 17.51     C:\WINDOWS\Temp\db06245c-abcd-49fb-86d1-950e09d47400 --------- 0 
     29/06/2010 08.45     C:\WINDOWS\Temp\9c751e74-b2a5-49e7-8ac7-cfeb2c150913 --------- 0 
     28/06/2010 17.43     C:\WINDOWS\Temp\06e05713-ece7-4f3c-b679-488153171087 --------- 0 
     28/06/2010 08.53     C:\WINDOWS\Temp\b3c82237-bf3e-4632-b75f-b205520ea860 --------- 0 
     27/06/2010 18.30     C:\WINDOWS\Temp\96677579-d2c6-42da-bbac-4f6eec15201b --------- 0 
     27/06/2010 10.06     C:\WINDOWS\Temp\c3925c10-b2c0-49e6-b950-c75d9b0daaaa --------- 0 
     26/06/2010 19.00     C:\WINDOWS\Temp\d87873dd-bc3c-4569-beff-71aa82e5a88a --------- 0 
     26/06/2010 09.15     C:\WINDOWS\Temp\08e8cbcd-3b44-42c9-bf0f-3d49d0e693f2 --------- 0 
     25/06/2010 20.41     C:\WINDOWS\Temp\8c9d1a03-d995-4a10-8d27-d6414b3e616e --------- 0 
     25/06/2010 10.09     C:\WINDOWS\Temp\53b91546-15f1-43de-bbf6-7c3368304f7d --------- 0 
     24/06/2010 17.49     C:\WINDOWS\Temp\0c7717c4-80ae-41f3-bb69-823b75483862 --------- 0 
     24/06/2010 09.47     C:\WINDOWS\Temp\0d2bb127-9ee2-4dd3-9c1f-f19b2b083702 --------- 0 
     23/06/2010 20.31     C:\WINDOWS\Temp\dd_wcf_retCA538B.txt --------- 4484 
     23/06/2010 20.30     C:\WINDOWS\Temp\ASPNETSetup_00000.log --------- 5158 
     23/06/2010 17.03     C:\WINDOWS\Temp\6e72cc7c-6627-42ba-b946-af35911e4750 --------- 0 
     23/06/2010 09.59     C:\WINDOWS\Temp\e4b7a41f-9959-41fc-a29e-13e58c31a87e --------- 0 
     22/06/2010 18.22     C:\WINDOWS\Temp\0a347b83-4139-478b-8325-cf8e8c8f81ee --------- 0 
     22/06/2010 09.36     C:\WINDOWS\Temp\1938d92f-ee19-459b-8a6a-725140827d7c --------- 0 
     21/06/2010 19.38     C:\WINDOWS\Temp\077c2156-b745-4b6b-9518-36d775cc223f --------- 0 
     21/06/2010 09.48     C:\WINDOWS\Temp\d910c6c8-c37f-467b-a0c7-bd061db546b8 --------- 0 
     20/06/2010 13.05     C:\WINDOWS\Temp\d304a4d9-ebd4-427a-a685-f3f9eb385a89 --------- 0 
     19/06/2010 11.25     C:\WINDOWS\Temp\0578fc4b-798d-43e1-9c3b-df9e0dac3daf --------- 0 
     18/06/2010 20.12     C:\WINDOWS\Temp\dadca259-ce95-4c08-8eaa-ba102883bbac --------- 0 
     18/06/2010 08.28     C:\WINDOWS\Temp\86059762-6d3c-40a0-9b3a-1aef0432d229 --------- 0 
     17/06/2010 18.25     C:\WINDOWS\Temp\27d28a27-31e2-4693-8079-8004e0888a87 --------- 0 
     16/06/2010 22.53     C:\WINDOWS\Temp\f5fe9667-14df-4778-88cf-84f8d1de5d9d --------- 0 
     15/06/2010 17.10     C:\WINDOWS\Temp\7cc389d9-add4-45d0-a88c-4eaa5de3a4d6 --------- 0 
     15/06/2010 10.01     C:\WINDOWS\Temp\fbe43ea2-0d35-44c5-97fb-358a6e4996c4 --------- 0 
     14/06/2010 11.34     C:\WINDOWS\Temp\d0c90122-d046-4504-9676-4205b472cc2e --------- 0 
     13/06/2010 14.44     C:\WINDOWS\Temp\4c72912b-69c1-4551-819b-7fac8beb4190 --------- 0 
     12/06/2010 11.05     C:\WINDOWS\Temp\3c0e4310-17ad-4098-ab2f-5dd70f63a1a8 --------- 0 
    ----------------------------------------
    
     
    C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp
    
     19/08/2010 21.23      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\nst10.tmp --------- 0 
     19/08/2010 21.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~nsu.tmp --------- 0 
     19/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AdobeARM.log --------- 157190 
     18/08/2010 22.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\msohtml1 --------- 0 
     18/08/2010 11.55      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\WERb2b2.dir00 --------- 0 
     18/08/2010 09.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\uninst1.exe --------- 124928 
     18/08/2010 09.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\utt7.tmp --------- 0 
     18/08/2010 09.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\utt7.tmp.bat --------- 53 
     18/08/2010 08.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\2.dir --------- 0 
     18/08/2010 08.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\2.tmp --------- 0 
     18/08/2010 00.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX72.tmp --------- 169324 
     18/08/2010 00.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Uninstall.exe --------- 1592937 
     17/08/2010 09.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\hsperfdata_MeinName --------- 0 
     17/08/2010 09.16      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\DFM2HTML_index --------- 0 
     16/08/2010 16.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\info.txt --------- 1969 
     16/08/2010 16.17      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\mia6A.tmp --------- 0 
     16/08/2010 16.05      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install_reg.log --------- 7612 
     14/08/2010 23.41      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\30BF085A.TMP --------- 106 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat75.tmp --------- 2868 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat72.tmp --------- 3832 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat6F.tmp --------- 1244 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat6C.tmp --------- 9836 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat69.tmp --------- 5628 
     13/08/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat66.tmp --------- 1242 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat60.tmp --------- 1388 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat63.tmp --------- 1388 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat5D.tmp --------- 1112 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat5A.tmp --------- 19372 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat56.tmp --------- 1208 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat53.tmp --------- 1264 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat50.tmp --------- 1544 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat47.tmp --------- 4824 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat4D.tmp --------- 6824 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat4A.tmp --------- 5564 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat41.tmp --------- 1232 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat44.tmp --------- 1156 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat3E.tmp --------- 1172 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat38.tmp --------- 1552 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat3B.tmp --------- 1160 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat32.tmp --------- 11948 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat35.tmp --------- 1092 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat2C.tmp --------- 7568 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat2F.tmp --------- 12068 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat29.tmp --------- 1232 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat26.tmp --------- 1724 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat23.tmp --------- 8850 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat1D.tmp --------- 1094 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat20.tmp --------- 1406 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat1A.tmp --------- 1498 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat17.tmp --------- 1094 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat14.tmp --------- 8838 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\dat11.tmp --------- 1318 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\datE.tmp --------- 1498 
     13/08/2010 13.09      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\datB.tmp --------- 1298 
     12/08/2010 20.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\TWAIN.LOG --------- 15503 
     12/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twain001.Mtx --------- 3 
     12/08/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twunk001.MTX --------- 156 
     09/08/2010 15.54      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Word8.0 --------- 0 
     09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7E.tmp --------- 505192 
     09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7D.tmp --------- 714093 
     09/08/2010 12.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGX7C.tmp --------- 925697 
     07/08/2010 14.34      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\QTStreaming Debug Log.txt --------- 54 
     05/08/2010 00.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF5439.tmp --------- 98304 
     04/08/2010 00.47      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VGXE.tmp --------- 106 
     02/08/2010 18.20      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\.cleanup.tmp --------- 0 
     02/08/2010 16.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\removefiles.txttemp --------- 2903 
     02/08/2010 16.07      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\persistent_state --------- 16 
     28/07/2010 10.36      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF5E51.tmp --------- 98304 
     28/07/2010 03.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF7BA0.tmp --------- 98304 
     25/07/2010 23.35      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DFBF1C.tmp --------- 98304 
     21/07/2010 18.56      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF46F4.tmp --------- 98304 
     04/07/2010 21.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Silverlight0.log --------- 1800 
     04/07/2010 21.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\SilverlightMSI.log --------- 1083560 
     03/07/2010 08.59      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jar_cache7804259014797866714.tmp --------- 5950 
     02/07/2010 11.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\wecerr.txt --------- 325 
     02/07/2010 11.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Explorer.log --------- 1215 
     01/07/2010 12.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\control.xml --------- 12818 
     30/06/2010 13.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AdobeARM_NotLocked.log --------- 876 
     30/06/2010 10.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\amt.log --------- 15138 
     29/06/2010 20.06      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~DF203C.tmp --------- 16384 
     23/06/2010 22.58      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\113CA8.dmp --------- 3983003 
     23/06/2010 22.58      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\3bc8_appcompat.txt --------- 5584 
     22/06/2010 15.35      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~WRS0000.tmp --------- 228352 
     19/06/2010 17.23      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\temp.png --------- 898432 
     19/06/2010 11.34      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\VBE --------- 0 
     19/06/2010 00.53      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5578T1L1_install_log.txt --------- 14001 
     18/06/2010 00.13      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4F.tmp --------- 36944 
     17/06/2010 21.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4B.tmp --------- 36944 
     17/06/2010 21.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX4A.tmp --------- 36684 
     17/06/2010 20.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX47.tmp --------- 36944 
     17/06/2010 20.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AAX46.tmp --------- 36684 
     17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\bitrock_installer_1436.log --------- 78043 
     17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\_uninstall --------- 0 
     17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\bitrock_installer.log --------- 108 
     17/06/2010 15.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\be29e7f1-71ae-4703-50cb-1d52be512f51 --------- 0 
     15/06/2010 15.19      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\SFXA0.tmp --------- 0 
     15/06/2010 15.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\MSI8f482.LOG --------- 346 
     14/06/2010 20.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Twunk002.MTX --------- 0 
     14/06/2010 20.20      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\MSI7b65e.LOG --------- 346 
     14/06/2010 13.27      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Adobe --------- 0 
     13/06/2010 17.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #002.txt --------- 9511 
     13/06/2010 17.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #003.txt --------- 1344 
     13/06/2010 17.15      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\Setup Log 2010-06-13 #001.txt --------- 1343 
     13/06/2010 11.26      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F2708T1L2_install_log.txt --------- 30950 
     13/06/2010 09.18      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5812T1L1_install_log.txt --------- 11232 
     12/06/2010 13.10      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5717T1L1_install_log.txt --------- 11264 
     12/06/2010 13.00      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5640T1L2_install_log.txt --------- 15170 
     12/06/2010 01.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\msohtml --------- 0 
     11/06/2010 14.26      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\is799009782 --------- 0 
     11/06/2010 14.14      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\~D045BE.tmp --------- 106 
     11/06/2010 14.14      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\GLB6A.tmp --------- 71680 
     11/06/2010 13.52      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\ApplicazioniSogei.cfg --------- 335 
     11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jusched.log --------- 1539 
     11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\JAUReg.log --------- 294 
     11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\AUCHECK_PARSER.txt --------- 222 
     11/06/2010 13.46      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install.log --------- 27146 
     11/06/2010 13.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\java_install_sp.log --------- 2024 
     11/06/2010 13.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\791169.mst --------- 5079552 
     11/06/2010 13.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\jinstall.cfg --------- 1217 
     11/06/2010 13.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\lax2B.tmp --------- 4962 
     11/06/2010 13.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\I1276256220 --------- 0 
     11/06/2010 13.32      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\lax2A.tmp --------- 4962 
     11/06/2010 13.32      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\I1276255954 --------- 0 
     11/06/2010 12.57      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5208T1L1_install_log.txt --------- 14387 
     11/06/2010 12.21      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5663T1L1_install_log.txt --------- 15357 
     11/06/2010 03.36      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5208T1L2_install_log.txt --------- 14387 
     11/06/2010 02.57      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5736T1L1_install_log.txt --------- 29057 
     11/06/2010 02.33      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\F5064T1L2_install_log.txt --------- 14152 
     11/06/2010 02.16      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\wrd17504b4.~lk --------- 0 
     10/06/2010 16.51      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\netfxupdate.log --------- 6453 
     17/03/2010 12.30      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\_iu14D2N.tmp --------- 674822 
     21/02/2010 12.45      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylers.model.xml --------- 95613 
     17/02/2010 11.37      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\uninstbb.exe --------- 473832 
     23/01/2010 20.44      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\langs.model.xml --------- 91251 
     09/07/2009 01.08      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\config.model.xml --------- 4820 
     24/05/2009 12.22      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylesLexerModel.xml --------- 244 
     24/05/2009 11.40      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\xmlUpdater.exe --------- 118784 
     25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\langsModel.xml --------- 191 
     25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylesGlobalModel.xml --------- 192 
     25/04/2009 01.39      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\configModel.xml --------- 193 
     25/04/2009 01.38      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\stylers_remove.xml --------- 821 
     26/07/2002 17.02      C:\DOCUME~1\MEINNAME~1\IMPOST~1\Temp\GLB1A2B.EXE --------- 153088 
    ----------------------------------------
    
     
    C:\Programmi
    
     19/08/2010 20.22     C:\Programmi\Malwarebytes' Anti-Malware --------- 0 
     18/08/2010 13.06     C:\Programmi\trend micro --------- 0 
     18/08/2010 09.32     C:\Programmi\CCleaner --------- 0 
     18/08/2010 09.20     C:\Programmi\DFM2HTML --------- 0 
     16/08/2010 16.18     C:\Programmi\Lavasoft --------- 0 
     11/08/2010 23.45     C:\Programmi\Internet Explorer --------- 0 
     11/08/2010 23.42     C:\Programmi\Movie Maker --------- 0 
     06/08/2010 10.23     C:\Programmi\PeerBlock --------- 0 
     05/07/2010 09.00     C:\Programmi\Microsoft Silverlight --------- 0 
     03/07/2010 13.28     C:\Programmi\Notepad++ --------- 0 
     03/07/2010 08.04     C:\Programmi\phase5 --------- 0 
     02/07/2010 12.38     C:\Programmi\Bradbury --------- 0 
     25/06/2010 17.08     C:\Programmi\Xaldon --------- 0 
     25/06/2010 16.32     C:\Programmi\WinHTTrack --------- 0 
     22/06/2010 21.38     C:\Programmi\My Book --------- 0 
     22/06/2010 21.38     C:\Programmi\InstallShield Installation Information --------- 0 
     05/06/2010 15.19     C:\Programmi\A.F.5 Rename your files 1.1 --------- 0 
     13/06/2010 17.16     C:\Programmi\File comuni --------- 0 
     11/06/2010 14.22     C:\Programmi\PDF Creator --------- 0 
     11/06/2010 14.14     C:\Programmi\Conduit --------- 0 
     11/06/2010 13.47     C:\Programmi\Zero G Registry --------- 0 
     11/06/2010 13.45     C:\Programmi\Java --------- 0 
     09/06/2010 17.27     C:\Programmi\Adobe --------- 0 
     27/05/2010 07.08     C:\Programmi\QuickTime --------- 0 
     27/05/2010 07.07     C:\Programmi\Apple Software Update --------- 0 
     13/05/2010 00.42     C:\Programmi\Outlook Express --------- 0 
     06/05/2010 14.58     C:\Programmi\7-Zip --------- 0 
     18/02/2010 20.29     C:\Programmi\MSBuild --------- 0 
     18/02/2010 20.29     C:\Programmi\Reference Assemblies --------- 0 
     31/01/2010 22.18     C:\Programmi\DivX --------- 0 
     18/12/2009 16.49     C:\Programmi\Real --------- 0 
     18/12/2009 14.34     C:\Programmi\Messenger --------- 0 
     18/12/2009 12.32     C:\Programmi\NetMeeting --------- 0 
     18/12/2009 12.32     C:\Programmi\Windows Media Player --------- 0 
     18/12/2009 12.32     C:\Programmi\Windows NT --------- 0 
     18/12/2009 12.03     C:\Programmi\Microsoft Works --------- 0 
     18/12/2009 12.03     C:\Programmi\Microsoft Visual Studio --------- 0 
     18/12/2009 03.25     C:\Programmi\Microsoft Office --------- 0 
     18/12/2009 00.51     C:\Programmi\xerox --------- 0 
     18/12/2009 00.51     C:\Programmi\Toshiba Connect --------- 0 
     18/12/2009 00.50     C:\Programmi\Servizi in linea --------- 0 
     18/12/2009 00.49     C:\Programmi\Realtek --------- 0 
     18/12/2009 00.49     C:\Programmi\MSN Gaming Zone --------- 0 
     18/12/2009 00.49     C:\Programmi\Microsoft.NET --------- 0 
     18/12/2009 00.49     C:\Programmi\microsoft frontpage --------- 0 
     18/12/2009 00.49     C:\Programmi\ltmoh --------- 0 
     18/12/2009 00.22     C:\Programmi\MSXML 4.0 --------- 0 
     18/12/2009 00.17     C:\Programmi\AVG --------- 0 
     17/12/2009 23.32     C:\Programmi\Intel --------- 0 
     17/12/2009 23.29     C:\Programmi\InterVideo --------- 0 
     31/03/2006 16.51     C:\Programmi\Toshiba --------- 0 
     31/03/2006 16.50     C:\Programmi\Synaptics --------- 0 
     31/03/2006 16.50     C:\Programmi\Sonic --------- 0 
     31/03/2006 16.47     C:\Programmi\ATI Technologies --------- 0 
     17/01/2006 10.55     C:\Programmi\Uninstall Information --------- 0 
     17/01/2006 10.31     C:\Programmi\WindowsUpdate --------- 0 
    ----------------------------------------
    
     
    C:\Documents and Settings\All Users\.. 
    
    MeinName
    All Users    
    LocalService    
    NetworkService    
    Default User    
    ----------------------------------------
    
     
    C:\WINDOWS\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    
    ----------------------------------------
    
     
    
    Abbildname                  PID Sitzungsname      Sitz.-Nr. Speichernutzung
    ========================= ===== ================ ========== ===============
    System Idle Process           0 Console                   0            16 K
    System                        4 Console                   0       103.000 K
    smss.exe                    588 Console                   0           400 K
    csrss.exe                   652 Console                   0         4.144 K
    winlogon.exe                684 Console                   0         3.076 K
    services.exe                728 Console                   0         3.516 K
    lsass.exe                   740 Console                   0         6.784 K
    ati2evxx.exe                920 Console                   0         2.456 K
    svchost.exe                 936 Console                   0         4.864 K
    svchost.exe                1016 Console                   0         4.480 K
    svchost.exe                1060 Console                   0        21.908 K
    EvtEng.exe                 1116 Console                   0         7.496 K
    S24EvMon.exe               1144 Console                   0         5.712 K
    svchost.exe                1216 Console                   0         3.592 K
    svchost.exe                1316 Console                   0         3.840 K
    avgchsvx.exe               1380 Console                   0        20.700 K
    avgrsx.exe                 1392 Console                   0           680 K
    avgcsrvx.exe               1680 Console                   0         8.464 K
    brsvc01a.exe               2008 Console                   0         1.292 K
    brss01a.exe                2044 Console                   0         2.044 K
    spoolsv.exe                 128 Console                   0         5.932 K
    ati2evxx.exe                144 Console                   0         3.308 K
    svchost.exe                 448 Console                   0         3.804 K
    explorer.exe                468 Console                   0        32.768 K
    avgwdsvc.exe                528 Console                   0         2.496 K
    CFSvcs.exe                  648 Console                   0           716 K
    MDM.EXE                    1476 Console                   0         3.284 K
    RegSrvc.exe                1616 Console                   0         3.000 K
    RTHDCPL.exe                1648 Console                   0        17.704 K
    svchost.exe                 184 Console                   0         4.264 K
    agrsmmsg.exe                208 Console                   0         2.552 K
    TPSMain.exe                 288 Console                   0         4.176 K
    TAPPSRV.exe                 292 Console                   0         1.672 K
    wdfmgr.exe                  968 Console                   0         1.788 K
    iFrmewrk.exe               1260 Console                   0        12.048 K
    avgtray.exe                1544 Console                   0         2.488 K
    avgemc.exe                 1356 Console                   0           732 K
    avgnsx.exe                 1612 Console                   0           240 K
    ctfmon.exe                 1624 Console                   0         3.304 K
    avgcsrvx.exe               2292 Console                   0         4.268 K
    TPSBattM.exe               2300 Console                   0         2.556 K
    alg.exe                    3500 Console                   0         3.544 K
    Dot1XCfg.exe               2972 Console                   0         7.968 K
    cmd.exe                    3824 Console                   0         2.544 K
    tasklist.exe               2080 Console                   0         4.532 K
    wmiprvse.exe                580 Console                   0         5.792 K
    
     
    ***** Ende des Scans 19/08/2010 um 22.17.57,59 ***

    6. CCleaner Log
    Code:
    7-Zip 4.65		
    A.F.5 Rename your files 1.1	Alex Fauland	1.1.0.0
    Ad-Aware	Lavasoft	
    Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.1.82.76
    Adobe Photoshop 5.5	Adobe Systems, Inc.	5.5
    Adobe Reader 9.3.3 - Italiano	Adobe Systems Incorporated\0	9.3.3
    Adobe Shockwave Player 11.5	Adobe Systems, Inc.	11.5.6.606
    Apple Application Support	Apple Inc.	1.2.1
    Apple Software Update	Apple Inc.	2.1.1.116
    ATI - Programma di disinstallazione		6.14.10.1014
    ATI Catalyst Control Center		1.2.2180.38582
    ATI Display Driver		8.204-051220a1-029876C-Toshiba
    AVG Free 9.0	AVG Technologies	
    Bluetooth Stack for Windows by Toshiba		v4.00.23(T)
    CCleaner	Piriform	2.34
    DFM2HTML v4.3		
    DFM2HTML v4.4		
    DirectX10 RC2 Pre Fix 3		
    DivX Codec	DivX, Inc.	6.9.1
    DivX Converter	DivX, Inc.	7.1.0
    DivX Player	DivX, Inc.	7.2.0
    DivX Plus DirectShow Filters	DivX, Inc.	
    DivX Plus Web Player	DivX,Inc.	2.0.0
    High Definition Audio Driver Package - KB888111	Microsoft Corporation	20040219.000000
    Intel(R) PRO Network Connections Drivers		
    InterVideo WinDVD Creator 2	InterVideo Inc.	2.0.14.376
    InterVideo WinDVD for TOSHIBA	InterVideo Inc.	5.0-B11.533
    Java(TM) 6 Update 20	Sun Microsystems, Inc.	6.0.200
    Macromedia Flash Player	Macromedia, Inc.	7.0.19.0
    Malwarebytes' Anti-Malware	Malwarebytes Corporation	
    Manuali TOSHIBA	TOSHIBA	7.05
    Microsoft .NET Framework 1.1		
    Microsoft .NET Framework 1.1 Italian Language Pack	Microsoft	1.1.4322
    Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	2.2.30729
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA	Microsoft Corporation	2.2.30729
    Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	3.2.30729
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA	Microsoft Corporation	3.2.30729
    Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)	Microsoft Corporation	
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	
    Microsoft Office OneNote 2003	Microsoft Corporation	11.0.6360.0
    Microsoft Office Professional Edition 2003	Microsoft Corporation	11.0.5614.0
    Microsoft Silverlight	Microsoft Corporation	4.0.50524.0
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	8.0.59193
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	9.0.30729
    Modulo sicuro SD	TOSHIBA Corporation	1.0.3
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	4.20.9876.0
    Notepad++		5.6.8
    PeerBlock 1.0+ (r404)	PeerBlock, LLC	1.0.0.404
    Phase 5 HTML-Editor	Systemberatung Schommer	5.6.2.3
    QuickTime	Apple Inc.	7.66.71.0
    RealPlayer	RealNetworks	
    Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	2.02
    Risparmio energetico TOSHIBA		7.03.07.I
    Silenziatore unità CD/DVD	TOSHIBA	1.00.008
    Software Intel(R) PROSet/Wireless	Intel Corporation	10.01.0000
    Sonic DLA	Sonic Solutions	5.2.0
    Sonic RecordNow!	Sonic Solutions	7.31
    Suono virtuale TOSHIBA		
    Synaptics Pointing Device Driver	Synaptics	8.2.9.0
    Texas Instruments PCIxx21/x515/xx12 drivers.	Texas Instruments Inc.	1.16.0000
    TopStyle Lite (Version 3.0)	Bradbury Software, LLC	3.1.0
    TOSHIBA Assist		
    TOSHIBA ConfigFree		5.90.05
    Toshiba Connect		
    TOSHIBA Controls		
    TOSHIBA Hotkey Utility		1.00.01ST
    TOSHIBA SD Memory Card Format		
    TOSHIBA Software Modem		2.1.62 (SM2162ALD04)
    TOSHIBA TouchPad ON/Off Utility		1.00.01ST
    TOSHIBA Utilities		1.00.07ST
    TOSHIBA Zooming Utility		
    Utilità di diagnostica del PC TOSHIBA		
    WD Backup	ArcSoft	
    WD Firewire HID Driver	Nome società	1.04.0001
    Windows Internet Explorer 8	Microsoft Corporation	20090308.140743
    Windows XP Service Pack 3	Microsoft Corporation	20080413.144514
    WinHTTrack Website Copier 3.43-9C	HTTrack	3.43.9
    Xaldon WebSpider 2
    Thanks for everything!
    Last edited by idila (19.08.2010 at 23:28)

  4. #4
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.772

    Re: Malware, viruses, trojans?

    Quote from idila:
    1. I disabled the Lavasoft and AVG services via Services.msc
    AVG is your AV program... why did you disable it?
    I would uninstall Ad-Aware by Lavasoft from the system completely (check beforehand whether there is still anything in quarantine?)

    System check and cleaning:

    From now until the end of the cleaning, the following applies:
    Do you have an external hard drive, USB sticks and/or other external storage media? Please keep them connected at all times (for the entire cleaning period!!) so that they can be scanned. Always plug in every removable drive at the computer's USB port while holding down the Shift key! That way you prevent the AUTORUN function from executing. -> The AUTORUN function can also be switched off altogether. ► Instructions
    1.
    ** Before deleting temporary files, you should always close all applications!
    ** Delete only the contents of the folders, not the folders themselves! (Select the contents and delete.)
    ** The Temp folder is for temporary files, so its contents can be deleted without further ado. Files that are still in use cannot be deleted.
    • Click START -> Run, type in: cleanmgr -> OK. Make sure that the Temporary Files, the Temporary Internet Files and the Recycle Bin are emptied.
      Click OK.
    • Go to START -> Run, type in: %temp% -> OK.
      Select the folder contents, then delete them. This empties the folder(s) C:\DOKUME~1\Dein Name\LOKALE~1\Temp\
    • Do this for every user account.
    • After that, the Recycle Bin should also be emptied.


    2.
    Open CCleaner - CCleaner instructions
    • "Cleaner" -> "Analyze" -> click the "Run Cleaner" button
    • "Registry" -> "Scan for Issues" -> "Fix selected issues" -> "Fix All Selected Issues"
    • Restart your system


    3.
    Basic cleaning with SUPERAntiSpyware
    • Please download SUPERAntiSpyware FREE Edition.
    • The program is suitable for: Windows 98, 98SE, ME, 2000, 2003, XP and Vista.
    • Install the program and let it load the latest definitions and updates.
    • You can find illustrated instructions here.
    • Close all applications, including the browser.
    • Open SUPERAntiSpyware and click Scan your Computer.
    • Tick Complete Scan and click Next.
    • When the scan has finished, you will be shown a summary of the findings, which you acknowledge with OK.
    • Make sure that every finding is ticked, then click Next and OK.
    • Click Finish, which takes you to the main window.
    • Your computer may need to be restarted so that malware is removed from the system on reboot.
    • To get the log file, first click Preferences and then Statistics and Logs.
    • Click the dated log file and press View Log. A text window now appears.
    • Please copy this report here into the thread.


    4.
    ♦ So now continue to connect all external drives to your computer while holding down the Shift key, so that the Autorun function is not executed. (That way you prevent the AUTORUN function from executing.) - The AUTORUN function can also be switched off altogether. ► Instructions
    ♦ Now check your computer for viruses, trojans, worms and other malicious code with Kaspersky's free online virus scanner - without cleaning, i.e. virus findings cannot be removed; we will do that another way!

    • Users of Vista and WIN7: right-click the browser icon -> choose "Run as administrator"
    • Microsoft's Internet Explorer must be used
    • Reset the security settings in IE - instructions/paules-pc-forum - to "Medium" ► IE -> Tools -> Internet Options -> Security -> Internet -> Level...
    • Allow the ActiveX component "► Allow download of signed ActiveX controls" - this is necessary so that your hard drive can be accessed
    • During the scan, switch off other protection programs (antivirus and spyware programs), script blocking etc.! ► Do not forget to re-enable them immediately at the end of the scan!
    • Click this link to start the ► Kaspersky Online Scanner -> it is best to look at these instructions beforehand: ► Illustrated instructions
    • Then click Accept to continue the installation
    • After the automatic download of the new virus definitions has finished, select "My Computer"
    • When the scan has finished, to save the results: click "View Scan Report" -> "Save as"
    • Save this to your desktop ► choose "Save file as..." ► "File type: Text files (*.txt)"
    • Do not forget to raise the security settings in IE again after the scan! ► Instructions
    • Depending on the size of your operating system (i.e. the number of files etc.), the scan time varies
    • Afterwards, please post the result here in your thread!
    Warning!:
    Beware of invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!

  5. #5
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Re: Malware, viruses, trojans?

    Quote from idila: 1. I disabled the Lavasoft and AVG services via Services.msc
    Quote from argos: AVG is your AV program... why did you disable it?
    Oh, I still had something from yesterday in my head, when I had read that everything should be switched off. Sorry.


    Quote from argos: I would uninstall Ad-Aware by Lavasoft from the system completely (check beforehand whether there is still anything in quarantine?)
    Ad-Aware uninstalled, and quarantine checked beforehand (it was empty).


    Quote from argos: Do you have an external hard drive, USB sticks and/or other external storage media? Please keep them connected at all times so that they can be scanned.
    For SuperAntiSpy I connected my external hard disk MyBook (my backups); however, Autorun could not be stopped with the Shift key, or maybe it could, since I do not know what Autorun is here: the menu that opens and lets me choose what I want to do (burn, open, copy ...)? If that is Autorun, then the menu opening could not be stopped; however, I simply closed the menu window without carrying out any operation. Is it stopped by that too? In any case I held Shift down. The hard disk F: was scanned, I saw it, and suspicious objects from F: also appear in the log.
    I formatted all my USB sticks yesterday.


    About the new logs
    1. Ran cleanmgr and cleaned everything.
    Entered %temp% + deleted C:\DOKUME~1\Mein Name\LOKALE~1\Temp\.

    2. Ran the CCleaner registry cleaner, deleted all obsolete entries and emptied the Recycle Bin.

    3. Ran SUPERAntiSpyware; everything else was closed.
    Code:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    
    Generated 08/20/2010 at 04:46 PM
    
    Application Version : 4.41.1000
    
    Core Rules Database Version : 5347
    Trace Rules Database Version: 3198
    
    Scan type       : Complete Scan
    Total Scan Time : 01:19:25
    
    Memory items scanned      : 465
    Memory threats detected   : 0
    Registry items scanned    : 6856
    Registry threats detected : 0
    File items scanned        : 44998
    File threats detected     : 17
    
    Adware.Tracking Cookie
    	ia.media-imdb.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
    	media.mtvnservices.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
    	s0.2mdn.net [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
    	secure-us.imrworldwide.com [ C:\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\G59TVNSZ ]
    	140.memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	73.memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	cdn1.eyewonder.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	cdn4.specificclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	googleads.g.doubleclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	imagesrv.adition.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	m.uk.2mdn.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	media.mtvnservices.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	media.scanscout.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	media01.kyte.tv [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	memecounter.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	objects.tremormedia.com [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]
    	udn.specificclick.net [ F:\17-10-2009 Programmi\C\Documents and Settings\MeinName\Dati applicazioni\Macromedia\Flash Player\#SharedObjects\GZVZC2QZ ]

    4. Kaspersky Log
    Code:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
     Saturday, August 21, 2010
     Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Friday, August 20, 2010 13:39:15
     Records in database: 4129936
    --------------------------------------------------------------------------------
    
    Scan settings:
    	scan using the following database: extended
    	Scan archives: yes
    	Scan e-mail databases: yes
    
    Scan area - My Computer:
    	C:\
    	D:\
    	E:\
    	F:\
    
    Scan statistics:
    	Objects scanned: 186328
    	Threats found: 3
    	Infected objects found: 8
    	Suspicious objects found: 0
    	Scan duration: 04:18:31
    
    
    File name / Threat / Threats count
    C:\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip	
    Infected: Trojan-Spy.Win32.KeyLogger.hfa	1
    
    C:\Programmi\Toshiba Connect\InstID.exe	
    Infected: not-a-virus:Dialer.Win32.InterDialer.a	1
    
    C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045400.exe	
    Infected: Backdoor.Win32.Bifrose.cpkl	1
    
    C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045483.exe	
    Infected: not-a-virus:Dialer.Win32.InterDialer.a	1
    
    F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet.exe	
    Infected: Trojan-Spy.Win32.KeyLogger.hfa	1
    
    F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet exe\Reflet.exe	
    Infected: Trojan-Spy.Win32.KeyLogger.hfa	1
    
    F:\20-03-2010\Documenti\Reflet\Reflet-de.zip	
    Infected: Trojan-Spy.Win32.KeyLogger.hfa	1
    
    F:\22-06-2010\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip	
    Infected: Trojan-Spy.Win32.KeyLogger.hfa	1
    
    Selected area has been scanned.

    I have some large folders in C:/Windows, and I wonder whether it is true:
    1) that the hidden folders in C:/Windows that begin with "$Nt" (example: $NtUninstallKB873333$), all in blue lettering, are copies of updates for possibly uninstalling updates that went wrong, and can therefore be deleted?
    2) that the C:/Windows folders "IE8" (hidden folder) and "IE8 Updates" can likewise be deleted?
    3) that everything in "C:\WINDOWS\SoftwareDistribution" can be deleted - as far as that is possible?
    4) that System Volume Information can be emptied; mine has 9 Gb, can I delete all of it at the end of the cleaning process?


    Regarding the question about C:/Recycler S-1-5-21-2767231553-2537787753-3555782994-1006 from my last post: that has been resolved. It only seems to be suspicious of a virus if there is another Recycler or a folder with such a name inside this Recycler, and that is not the case.

    Once again, thanks for all the help!
    Last edited by idila (21.08.2010 at 01:17)
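
Which of the Kaspersky detections above sit on the running system, and which are only copies in System Restore points or on the backup disk, can be read off the report mechanically. The following is an added example, not part of the original thread: it embeds the eight report entries as sample input and assumes, as idila states, that F: is the backup drive; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# The eight entries of the Kaspersky Online Scanner report posted above,
# embedded as sample input (user name as anonymised by the poster).
REPORT = r"""
File name / Threat / Threats count
C:\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip
Infected: Trojan-Spy.Win32.KeyLogger.hfa 1

C:\Programmi\Toshiba Connect\InstID.exe
Infected: not-a-virus:Dialer.Win32.InterDialer.a 1

C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045400.exe
Infected: Backdoor.Win32.Bifrose.cpkl 1

C:\System Volume Information\_restore{00228FAC-3D60-4E3D-A9AA-E6622D9240A7}\RP204\A0045483.exe
Infected: not-a-virus:Dialer.Win32.InterDialer.a 1

F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet.exe
Infected: Trojan-Spy.Win32.KeyLogger.hfa 1

F:\16-10-2009 Dati\C\Documents and Settings\Mein Name\Documenti\Reflet exe\Reflet.exe
Infected: Trojan-Spy.Win32.KeyLogger.hfa 1

F:\20-03-2010\Documenti\Reflet\Reflet-de.zip
Infected: Trojan-Spy.Win32.KeyLogger.hfa 1

F:\22-06-2010\C\Documents and Settings\Mein Name\Documenti\Reflet\Reflet-de.zip
Infected: Trojan-Spy.Win32.KeyLogger.hfa 1

Selected area has been scanned.
"""


class Finding(NamedTuple):
    path: str
    threat: str
    location: str  # "live", "restore_point" or "backup"


PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "Infected:" is the only verdict prefix that occurs in this report.
VERDICT_RE = re.compile(r"^Infected:\s*(\S+)\s+\d+$")
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def classify(path, backup_drives):
    """Say where a detected file lives; a restore point wins over the drive letter."""
    if RESTORE_RE.search(path):
        return "restore_point"
    if path[0].upper() in backup_drives:
        return "backup"
    return "live"


def parse_report(text, backup_drives=("F",)):
    """Pair each path line with the 'Infected:' line(s) that follow it."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
        elif current and (m := VERDICT_RE.match(line)):
            findings.append(Finding(current, m.group(1), classify(current, backup_drives)))
    return findings


def spread(findings):
    """Map each threat name to {location: number of copies}."""
    table = defaultdict(Counter)
    for f in findings:
        table[f.threat][f.location] += 1
    return {threat: dict(counts) for threat, counts in table.items()}


def survivors(findings):
    """Copies that remain if only the live system is cleaned."""
    return [f for f in findings if f.location != "live"]


if __name__ == "__main__":
    found = parse_report(REPORT)
    for threat, where in spread(found).items():
        print(f"{threat}: {where}")
    print(f"{len(survivors(found))} of {len(found)} detections are outside the live system")
```

The totals agree with the report's own statistics (3 threats, 8 infected objects). The six copies outside the live system are the ones that restoring a backup or rolling back to the restore point can bring back after C: has been cleaned.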

  6. #6
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Re: Malware, viruses, trojans?

    Hello Argos,
    can I delete the infected things? Many of them are repeated on drive F: (external hard disk), since I have my backups there.

    I have looked at the lists of suspicious objects; if I delete the objects (they seem to be deletable), am I then rid of the backdoor, tracking cookies and keylogger? Does a keylogger work all the time, or only when the respective program is being used?

    Thanks for your very valuable help!

  7. #7
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.772

    Re: Malware, viruses, trojans?

    Quote from idila:
    Does a keylogger work all the time, or only when the respective program is being used?
    You can read everything important about it here: -> http://de.wikipedia.org/wiki/Keylogger
    1.
    Now connect all external drives to your computer while holding down the Shift key, so that the Autorun function is not executed. (That way you prevent the AUTORUN function from executing.) - The AUTORUN function can also be switched off altogether. ► Instructions

    2.
    Malware scan with a-squared Free

    Without a background guard, a-squared Free searches the computer for infection by trojans, spyware, adware, worms, keyloggers, rootkits, dialers and other malicious programs.

    Download a-squared Free from Emsisoft and install the program. After installation, update the signatures and have the computer scanned completely. At the end of the scan, have all findings deleted, save the log file to the desktop via the "Save report" button and post it here in the thread.

  8. #8
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Re: Malware, viruses, trojans?

    You can read everything important about it here: -> http://de.wikipedia.org/wiki/Keylogger
    I had read that, but it is not clear to me whether they always work or only when the program they are hidden in is running. Do they always work?


    Emsisoft Log
    Code:
    Emsisoft Anti-Malware - Versione 5.0
    Ultimo aggiornamento: 26/08/2010 19.34.56
    
    Impostazioni scansione:
    
    Tipo scansione: N/A
    Oggetti: Memoria, Tracce, Cookies, C:\, F:\
    Archivio scansioni: Off
    Euristica: Off
    Scansione ADS: On
    
    Scansione avviata:	26/08/2010 19.35.05
    
    C:\Programmi\Toshiba Connect\InstID.exe 	
    rilevati: Riskware.Dialer.Win32.InterDialer!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\Xor2 Freischaltung\xor2.exe 	
    rilevati: Backdoor.Win32.Cmjspy!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2.exe 	
    rilevati: Backdoor.Win32.Cmjspy!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\DeaM.exe 	
    rilevati: Trojan-Dropper.Delf!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet\Reflet.exe 	
    rilevati: Trojan-Spy.Win32.KeyLogger!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet exe\Reflet.exe 	
    rilevati: Trojan-Spy.Win32.KeyLogger!IK
    
    Scansionati
    
    File: 	190345
    Tracce: 	724564
    Cookies: 	0
    Processi: 	45
    
    Rilevato
    
    File: 	6
    Tracce: 	0
    Cookies: 	0
    Processi: 	0
    Chiavi di Registro: 	0
    
    Fine scansione:	26/08/2010 22.34.18
    Tempo scansione:	2:59:13
    
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet\Reflet.exe
    	In quarantena Trojan-Spy.Win32.KeyLogger!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\Reflet exe\Reflet.exe	
    In quarantena Trojan-Spy.Win32.KeyLogger!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\DeaM.exe	
    In quarantena Trojan-Dropper.Delf!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2 Freischaltung\xor2.exe	
    In quarantena Backdoor.Win32.Cmjspy!IK
    F:\16-10-2009 Dati\C\Documents and Settings\MeinName\Documenti\...\xor2.exe	
    In quarantena Backdoor.Win32.Cmjspy!IK
    C:\Programmi\Toshiba Connect\InstID.exe	
    In quarantena Riskware.Dialer.Win32.InterDialer!IK
    
    In quarantena
    
    File: 	6
    Tracce: 	0
    Cookies: 	0

    I then deleted everything from the quarantine. By the way, a-squared Free has been integrated into Emsisoft, so you now have to download Emsisoft Malware (but you are only told that once you have downloaded and installed the 82 Mb of a-squared, a bit silly, but in return it is free and great).

    I am now comparing the logs and deleting everything where something is hiding, above all the ones with the keylogger; it is about time.
    Is there anything else I should do?
    And can I delete the contents of the System Volume, Software Dist and Ie8 folders, as described in the previous post? I had read that, but do not know whether it is actually true.

    Thank you very much for your time!
    Last edited by idila (27.08.2010 at 00:34)

  9. #9
    Moderator (global), team member: kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    29.772

    Re: Malware, viruses, trojans?

    Quote from idila:
    I had read that, but it is not clear to me whether they always work or only when the program they are hidden in is running. Do they always work?
    The program is a standalone animation program (for creating water images)?
    A keylogger does work constantly and inconspicuously

    Quote from idila:
    By the way, a-squared Free has been integrated into Emsisoft, so you now have to download Emsisoft Malware (but you are only told that once you have downloaded and installed the 82 Mb of a-squared, a bit silly, but in return it is free and great).
    Yes, I tried it out myself right away; I will do without it in future
    Quote from idila:
    And can I delete the contents of the System Volume, Software Dist and Ie8 folders, as described in the previous post? I had read that, but do not know whether it is actually true.
    Tips on that here: -> http://www.wintotal.de/tipparchiv/?TID=931
    Last edited by kira (27.08.2010 at 05:47)

  10. #10
    Beginner
    Registered since
    18.08.2010
    Posts
    7

    Re: Malware, viruses, trojans?

    Quote from argos: The program is a standalone animation program (for creating water images)?
    Exactly, Reflet was just 560 kb, it is not installed, so it runs on its own, and it made great effects and was of course freeware. It is (or at least was 3 years ago) praised everywhere, including on high-quality designer sites.

    A keylogger does work constantly and inconspicuously.
    ... ok.

    Quote from idila: a-squared Free has been integrated into Emsisoft.
    Quote from argos: I will do without it in future
    Or give the link to Emsisoft Anti-Malware straight away (in Mb it is almost the same, namely 85 Mb): here, for Windows, with a 3-day trial period. Emsisoft Anti Malware is also available as a kit (106 Mb) (for the USB stick), here for Windows.


    Thanks for the link "Deleting System Volume...", everything deleted, in a jiffy ...

    Argos, thank you very much for the help!!! How can I make it up to you? I know Italian and Photoshop very well, so if you ever need a translation or some image editing, write to me

    Have a nice weekend
    Regards, idila
