Problem with an adware threat from Gain Network


Post by eromon on 13.08.2004, 21:28

I need help with the following problem, please:
I ran my virus scanner and it found an adware threat (Adware.Gator). The DLL file is located in C:\Programme\Gemeinsame Dateien\CMEII. I simply removed the file from there (it was then in the Recycle Bin). After that I wanted to empty the Recycle Bin and the file was no longer there.
One more thing: what kind of folder is this CMEII folder?? Do I need it, or does it somehow belong to GAINwares or something like that??

Please help me!!!

Regards, eromon
eromon
Posts: 17
Registered: 13.08.2004, 21:20
Location: Vienna


Post by Nikita on 13.08.2004, 23:24

Boot into Safe Mode
http://www.bsi.de/av/texte/winsave.htm

#select 'Control Panel' and open the 'Add/Remove Programs' utility.
(uninstall Gator -- Gator.com applications - Date Manager, Precision Time or Gator eWallet.)

#Open the registry
Start > Run > regedit

in each case, delete the entry in the right-hand pane of the registry:


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"CMESys" or "GMT"

HKEY_CLASSES_ROOT\CLSID\{21FFB6C0-0DA1-11D5-A9D5-00500413153C}
HKEY_LOCAL_MACHINE\SOFTWARE\Gator.com
HKEY_LOCAL_MACHINE\SOFTWARE\GatorTest

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"Trickler" or 'fsg_'.
HKEY_CLASSES_ROOT\clsid\{06dfeda9-6196-11d5-bfc8-00508b4a487d}
HKEY_CLASSES_ROOT\clsid\{29eeff42-f3fa-11d5-a9d5-00500413153c}
HKEY_CLASSES_ROOT\clsid\{38493f7f-2922-4c6c-9a9a-8da2c940d0ee}
HKEY_CLASSES_ROOT\clsid\{4006e7b2-0fb2-4345-b388-083b138e80af}
HKEY_CLASSES_ROOT\clsid\{456ba350-947f-4406-b091-aa1c6678ebe7}
HKEY_CLASSES_ROOT\clsid\{54e7e082-1da6-412e-96b5-c290fcef5329}
HKEY_CLASSES_ROOT\clsid\{6c8dbec0-8052-11d5-a9d5-00500413153c}
HKEY_CLASSES_ROOT\clsid\{731918d2-517a-47e2-886a-3bc1380c591d}
HKEY_CLASSES_ROOT\clsid\{a9ef28a2-55d1-480b-a403-84928d59f556}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\&programs\gain

then type "gator" into the registry's search function at the top left and delete everything you find

close the registry

#Search for and delete:
Fsg.exe
Fsg_3202.exe
Trickler.exe.

...............................................................................................................
#download AdAware free......scan "all files"
http://www.lavasoft.de/support/download/

#Download HijackThis, scan, save, and copy the log into the forum.
Download link:
http://www.downloads.subratam.org/hijackthis.zip

Regards
Nikita :D
Nikita
Moderator
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lisbon

adaware6.0 installed

Post by eromon on 16.08.2004, 21:12

I installed adaware 6.0 and it found registry keys and registry values, as well as files and folders. So my question now is: can I remove them from the PC with adaware WITHOUT ANY WORRIES, without my PC crashing afterwards, or???

Regards, eromon

Post by Nikita on 16.08.2004, 22:49

Hello @eromon

No computer has ever crashed because of removing spyware.
After the cleanup, please post the HijackThis log
Download link:
http://www.downloads.subratam.org/hijackthis.zip
unpack, scan > save, and copy the log into the forum with the mouse
Regards
Nikita :?

my hijackthis logfile

Post by eromon on 18.08.2004, 10:49

Hi Nikita!!!

Thanks for your help!!! So here is my logfile:

Logfile of HijackThis v1.97.7
Scan saved at 10:46:23, on 18.08.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Mixer.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Nikon\NkView6\NkvMon.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Downloads\Security Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chello.at/search/at_iesearch.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jaming.at.tt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chello.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von chello broadband
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [CQIS] C:\WINDOWS\CQIS.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=081704 serial=DR12CNC-8322248-NFT lang=DE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" "+b1"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView6\NkvMon.exe
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.chello.at/
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab


Regards, eromon

Post by Nikita on 18.08.2004, 11:49

Hello @eromon

If you do exactly what I post, we will get the computer clean....

Scan with HijackThis, tick what I post, then "fix" and restart the computer immediately.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chello.at/search/at_iesearch.htm
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [CQIS] C:\WINDOWS\CQIS.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

restart

..................................................................................................................................
REMOVE Adware.IGetNet

#Open the hosts file (open it with Notepad)
look in c:\Windows\System32\drivers\etc\hosts

delete, very important:
216.177.73.139 auto.search.msn.com
216.177.73.139 search.netscape.com
216.177.73.139 ieautosearch

Normally this is what should be in there:
127.0.0.1 localhost
Original hosts file

...................................................................................................................................

Download this tool:
http://www.diamondcs.com.au/index.php?page=apm
---- click on the individual Explorer processes until you find Bho.dll and Rsp.dll, then press "unload"


Start > Run > regedit
Then go into the registry and delete everything you find (in the right-hand pane)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{730F2451-A3FE-4A72-938C-FC8A74F15978}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{730F2451-A3FE-4A72-938C-FC8A74F15978}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{676058E4-89BD-11D6-8A8C-0050BA8452C0}
HKEY_LOCAL_MACHINE\software\Classes\BHO.clsUrlSearch
HKEY_LOCAL_MACHINE\software\Classes\Rsp.BizLgk

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Winstart"="%system%\Winstart001.exe –boot"
Close the registry

restart!!!!!


#Search (using the Windows search function) and delete:
C:\WINDOWS\system32\Bho.dll
C:\WINDOWS\system32\Rsp.dll
C:\WINDOWS\system32\Winstart.exe

it is also possible that the malware's names are these:
Bho001.dll; Rsp001.dll; Winstart001.exe
.....................................................................................................................................

REMOVE "Perfectnav"

Start > Run > regedit
delete the following entries:
For both entries, the reference to perfectnav can be read under "Value".
Under no circumstances delete any other values!

HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID\ <{A045DC85-FC44-45be-8A50-E4F9C62C9A84}
<{00D6A7E7-4A97-456f-848A-3B75BF7554D7}

HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ <{A045DC85-FC44-45be-8A50-E4F9C62C9A84}
<{00D6A7E7-4A97-456f-848A-3B75BF7554D7}

close the registry

restart !!!

Uninstall:
c:\programme\PerfectNav\

then delete everything that has to do with it.
C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
..............................................................................................................

REMOVE ExactSearchBar

#Open the registry
Start > Run > regedit
HKEY_CLASSES_ROOT\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_CLASSES_ROOT\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_CLASSES_ROOT\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_CLASSES_ROOT\typelib\{53f066f0-a4c0-4f46-83eb-2dfd03f938cf}
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_LOCAL_MACHINE\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\classes\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\exact
HKEY_LOCAL_MACHINE\software\exact\branding
HKEY_LOCAL_MACHINE\software\exact\checkinservername
HKEY_LOCAL_MACHINE\software\exact\checkinserverpath
HKEY_LOCAL_MACHINE\software\exact\checkinserverport
HKEY_LOCAL_MACHINE\software\exact\installdir
HKEY_LOCAL_MACHINE\software\exact\partner
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar\uninstallstring
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\exact
HKEY_USERS\s-1-5-21-854245398-1788223648-725345543-re\exact

close the registry

restart

Uninstall
C:\Programme\MySearch\bar

Delete:
C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
C:\WINDOWS\system32\s4bar.dll
...............................................................................................................................
#Download Spybot
http://www.safer-networking.org/de/download/index.html

#Scan ("all files") once more with AdAware and delete everything the cleaner finds.

......................................................................................................................................
##Download eScan (unpack into C:\ base )
http://www.mwti.net/antivirus/free_utilities.asp
Now look for a "kavupd.exe" and click on it.
A DOS window opens and an update is run (takes a little while)

##Boot into Safe Mode (important !!!!!!!!!)
http://www.bsi.de/av/texte/winsave.htm
(press F8 while the computer is booting)
-----look for "mwav.exe" and use it to start eScan. Tick all the checkboxes and click "Clean-Scan".

(If something shows up > no delet), note it down or copy it out of the mile-long log and then post it for me (!)
......................................................................................................................................

#Download ClearProg
http://www.clearprog.de/
Delete:
- Cookies
- History
- Temporary Internet files (cache)

#Be ABSOLUTELY SURE TO RUN THE WINDOWS UPDATES (if there is no CD key, download everything except SP1)
#also urgently update IE (no CD key needed)
http://www.microsoft.com/downloads/deta ... B602228DE6



Then post the log again, plus the virus info from eScan.

Regards
Nikita
http://securityresponse.symantec.com/av ... etnet.html
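The hosts-file check described in the post above, as an added example that is not part of the original thread: it parses a hosts file, separates the default `localhost` mappings from loopback sinkhole entries and from mappings to any other address, and cross-checks the latter against the `O1 - Hosts:` lines of a HijackThis log. The sample file is constructed (only the three 216.177.73.139 lines come from the log in the thread), and the function names are illustrative.

```python
import ipaddress

# Constructed sample hosts file. The three 216.177.73.139 lines are the O1
# entries quoted in the thread; every other line is added for illustration.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
216.177.73.139 auto.search.msn.com
216.177.73.139 search.netscape.com   # trailing comment
216.177.73.139 ieautosearch
127.0.0.1       ads.example.invalid
not-an-ip       broken.example.invalid
"""

# Excerpt in HijackThis log format (O1 and O9 lines as posted in the thread).
SAMPLE_HJT_LOG = """\
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O9 - Extra button: Real.com (HKLM)
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostname) for each mapping, ignoring comments."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        for name in fields[1:]:
            yield lineno, fields[0], name.lower()


def classify(ip, hostname):
    """Return 'default', 'sinkhole', 'redirect' or 'malformed' for one mapping."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        # Loopback/0.0.0.0 entries for other names are block lists, not hijacks.
        return "default" if hostname == "localhost" else "sinkhole"
    # Any other address sends the name somewhere else and needs review.
    return "redirect"


def audit_hosts(text):
    """Group every mapping in the hosts text by its verdict."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, ip, name in parse_hosts(text):
        report[classify(ip, name)].append((lineno, ip, name))
    return report


def hijackthis_o1(log_text):
    """Extract (ip, hostname) pairs from the 'O1 - Hosts:' lines of a log."""
    prefix = "O1 - Hosts:"
    pairs = set()
    for line in log_text.splitlines():
        if line.startswith(prefix):
            fields = line[len(prefix):].split()
            if len(fields) >= 2:
                pairs.add((fields[0], fields[1].lower()))
    return pairs


def remove_flagged(text):
    """Return the hosts text without lines holding redirect/malformed mappings."""
    report = audit_hosts(text)
    bad = {lineno for lineno, _, _ in report["redirect"] + report["malformed"]}
    kept = [line for n, line in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for verdict in ("redirect", "malformed", "sinkhole", "default"):
        for lineno, ip, name in report[verdict]:
            print(f"{verdict:9} line {lineno}: {ip} -> {name}")
    found = {(ip, name) for _, ip, name in report["redirect"]}
    print("matches O1 log entries:", found == hijackthis_o1(SAMPLE_HJT_LOG))
    print(remove_flagged(SAMPLE_HOSTS), end="")
```

On a real system the text would be read from c:\Windows\System32\drivers\etc\hosts; the cleaned output should be reviewed before it replaces the file.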

Minor problems

Post by eromon on 19.08.2004, 10:41

Hi Nikita!!!

I have started on what you wrote to me; unfortunately I can't download either clearprog or apm.

Is that bad??

Regards, eromon

Post by Nikita on 19.08.2004, 10:59

1)
#Open the hosts file (open it with Notepad)
look in c:\Windows\System32\drivers\etc\hosts
Normally this is what should be in there; delete everything else !!!!!!!!!!!.
127.0.0.1 localhost
#Original hosts file


...........................................................................................................
2)
Fix everything I posted (this is very important...then restart)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.chello.at/search/at_iesearch.htm
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O1 - Hosts: 216.177.73.139 search.netscape.com
O1 - Hosts: 216.177.73.139 ieautosearch
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Programme\MySearch\bar\1.bin\S4BAR.DLL

O4 - HKLM\..\Run: [CQIS] C:\WINDOWS\CQIS.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

3)
RESTART



4)
Then try eScan first. (Then update and go into Safe Mode, as explained)
##Download eScan (unpack into C:\ base )
http://www.mwti.net/antivirus/free_utilities.asp
Now look for a "kavupd.exe" and click on it.
A DOS window opens and an update is run (takes a little while)

5)
Boot into Safe Mode (important !!!!!!!!!)
http://www.bsi.de/av/texte/winsave.htm
(press F8 while the computer is booting)
-----look for "mwav.exe" and use it to start eScan. Tick all the checkboxes and click "Clean-Scan".



6)
RESTART NORMALLY

7)
scan once more in normal mode
look for "mwav.exe" and use it to start eScan. Tick all the checkboxes and click "Clean-Scan".

--(If something shows up > no delet), note it down or copy it out of the mile-long log and then post it for me (!)


Nikita

All done

Post by eromon on 19.08.2004, 12:36

Hello Nikita!!!

First of all, I would like to thank you again for your help!!!!!!!

I did everything you told me to do. Unfortunately, many of the registry entries you posted did not exist. I hope that's not a problem!!!
Then I have another question: for removing MySearchBar you wrote that I should UNINSTALL C:\Programme\MySearch\bar; should I just delete the whole folder, or how did you mean that???

Here is the current HijackThis log:
Logfile of HijackThis v1.97.7
Scan saved at 12:33:39, on 19.08.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Nikon\NkView6\NkvMon.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Microsoft Office\Office\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Downloads\Security Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jaming.at.tt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.chello.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von chello broadband
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\System32\pmxinit.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programme\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090304 serial=DR12CNC-8322248-NFT lang=DE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Programme\Nikon\NkView6\NkvMon.exe
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.chello.at/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab

Then the eScan log:
Thu Aug 19 12:22:38 2004 => **********************************************************
Thu Aug 19 12:22:38 2004 => eScan AntiVirus Toolkit Utility.
Thu Aug 19 12:22:38 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 19 12:22:38 2004 => **********************************************************
Thu Aug 19 12:22:38 2004 => Version 4.4.6
Thu Aug 19 12:22:38 2004 => Log File: C:\base\mwav.log
Thu Aug 19 12:22:39 2004 => Latest Date of files inside MWAV: 09 Aug 2004 12:03:08.
Thu Aug 19 12:22:43 2004 => AV Library Loaded...
Thu Aug 19 12:22:43 2004 => Scanning File C:\base\kavss.exe
Thu Aug 19 12:22:43 2004 => Scanning File C:\base\Getvlist.exe
Thu Aug 19 12:22:43 2004 => Scanning File C:\base\kavss.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\kavssdi.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\kavssi.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\kavvlg.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\msvlclnt.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\ipc.dll
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\main.avi
Thu Aug 19 12:22:44 2004 => Scanning File C:\base\virus.avi
Thu Aug 19 12:22:44 2004 => Virus Database Date: 2004/08/09
Thu Aug 19 12:22:44 2004 => Virus Database Count: 100135

Thu Aug 19 12:22:57 2004 => **********************************************************
Thu Aug 19 12:22:57 2004 => eScan AntiVirus Toolkit Utility.
Thu Aug 19 12:22:57 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Aug 19 12:22:57 2004 =>
Thu Aug 19 12:22:57 2004 => Support: support@mwti.net
Thu Aug 19 12:22:57 2004 => Web: http://www.mwti.net
Thu Aug 19 12:22:57 2004 => **********************************************************
Thu Aug 19 12:22:57 2004 => Version 4.4.6
Thu Aug 19 12:22:57 2004 => Log File: C:\base\mwav.log
Thu Aug 19 12:22:57 2004 => Latest Date of files inside MWAV: 09 Aug 2004 12:03:08.

Thu Aug 19 12:22:57 2004 => Options Selected by User:
Thu Aug 19 12:22:57 2004 => Memory Check: Enabled
Thu Aug 19 12:22:57 2004 => Registry Check: Enabled
Thu Aug 19 12:22:57 2004 => StartUp Folder Check: Enabled
Thu Aug 19 12:22:57 2004 => System Folder Check: Enabled
Thu Aug 19 12:22:57 2004 => System Area Check: Disabled
Thu Aug 19 12:22:57 2004 => Services Check: Enabled
Thu Aug 19 12:22:57 2004 => Drive Check Option Disabled
Thu Aug 19 12:22:57 2004 => Scanning Type: Scan And Clean
Thu Aug 19 12:22:57 2004 => Folder Check: Disabled

Thu Aug 19 12:22:57 2004 => ***** Scanning Memory Files *****
Thu Aug 19 12:22:57 2004 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 19 12:22:57 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 19 12:22:57 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Thu Aug 19 12:22:58 2004 => Scanning File C:\base\mwavscan.com
Thu Aug 19 12:22:58 2004 => Scanning File C:\base\kavss.exe

Thu Aug 19 12:22:58 2004 => ***** Scanning Registry Files *****

Thu Aug 19 12:22:58 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Aug 19 12:22:58 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 19 12:22:58 2004 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\System32\webcheck.dll
Thu Aug 19 12:22:58 2004 => Scanning File C:\WINDOWS\System32\stobject.dll

Thu Aug 19 12:22:58 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Aug 19 12:22:58 2004 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Thu Aug 19 12:22:59 2004 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX
Thu Aug 19 12:22:59 2004 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Aug 19 12:22:59 2004 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Aug 19 12:22:59 2004 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Programme\Norton AntiVirus\NavShExt.dll
Thu Aug 19 12:22:59 2004 => Scanning File C:\PROGRA~1\NORTON~1\NavShExt.dll

Thu Aug 19 12:22:59 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Thu Aug 19 12:22:59 2004 => Scanning File C:\WINDOWS\Explorer.exe
Thu Aug 19 12:22:59 2004 => Scanning File C:\WINDOWS\system32\userinit.exe

Thu Aug 19 12:22:59 2004 => Scanning HKCU\Control Panel\Desktop

Thu Aug 19 12:22:59 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Aug 19 12:22:59 2004 => *** File C:\WINDOWS\Mixer.exe having Size Restriction ***
Thu Aug 19 12:22:59 2004 => Scanning File C:\WINDOWS\Mixer.exe [**]
Thu Aug 19 12:22:59 2004 => Scanning File C:\WINDOWS\system32\NeroCheck.exe
Thu Aug 19 12:22:59 2004 => Scanning File C:\WINDOWS\System32\pmxinit.exe
Thu Aug 19 12:23:00 2004 => Scanning File C:\Programme\Logitech\iTouch\iTouch.exe
Thu Aug 19 12:23:00 2004 => Scanning File C:\PROGRA~1\LEXMAR~1\lxbkbmgr.exe
Thu Aug 19 12:23:00 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccApp.exe
Thu Aug 19 12:23:00 2004 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Thu Aug 19 12:23:01 2004 => Scanning File C:\PROGRA~1\Corel\CORELG~1\LANGUA~1\DE\Programs\REGIST~1.EXE
Thu Aug 19 12:23:01 2004 => Scanning File C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe

Thu Aug 19 12:23:01 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 19 12:23:01 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 19 12:23:01 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 19 12:23:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Aug 19 12:23:01 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe

Thu Aug 19 12:23:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Aug 19 12:23:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Aug 19 12:23:01 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Aug 19 12:23:02 2004 => Scanning HKCR\txtfile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\comfile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\exefile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\dllfile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\batfile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\piffile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\scrfile\shell\open\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\scrfile\shell\config\command

Thu Aug 19 12:23:02 2004 => Scanning HKCR\regfile\shell\open\command

Thu Aug 19 12:23:02 2004 => ***** Scanning StartUp Folders *****

Thu Aug 19 12:23:02 2004 => ***** Scanning C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart Folder *****
Thu Aug 19 12:23:02 2004 => Scanning Folder: C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\*.*
Thu Aug 19 12:23:02 2004 => Scanning File C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\desktop.ini [**]

Thu Aug 19 12:23:03 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Thu Aug 19 12:23:03 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Thu Aug 19 12:23:03 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini [**]
Thu Aug 19 12:23:03 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
Thu Aug 19 12:23:03 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
Thu Aug 19 12:23:03 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk

Thu Aug 19 12:23:03 2004 => ***** Scanning Service Files *****
Thu Aug 19 12:23:03 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\agp440.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccEvtMgr.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccPwdSvc.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\ccSetMgr.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\drivers\cmaudio.sys
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Thu Aug 19 12:23:04 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\hidgame.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\intelide.sys
Thu Aug 19 12:23:05 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\itchfltr.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\system32\LEXBCES.EXE
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:06 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\MACROM~1\Service\MACROM~1.EXE
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Thu Aug 19 12:23:06 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Thu Aug 19 12:23:07 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040818.018\NAVENG.SYS
Thu Aug 19 12:23:07 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20040818.018\NAVEX15.SYS
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Aug 19 12:23:07 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\Drivers\NETMDUSB.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\system32\services.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\powervr.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Thu Aug 19 12:23:08 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RTL8029.SYS
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\PROGRA~1\NORTON~1\SAVRT.SYS
Thu Aug 19 12:23:09 2004 => Scanning File C:\PROGRA~1\NORTON~1\SAVRTPEL.SYS
Thu Aug 19 12:23:09 2004 => Scanning File C:\PROGRA~1\NORTON~1\SAVScan.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:09 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Thu Aug 19 12:23:10 2004 => Scanning File C:\PROGRAMME\SYMANTEC\SYMEVENT.SYS
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SYMREDRV.SYS
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SYMTDI.SYS
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Thu Aug 19 12:23:10 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbscan.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\SYSTEM32\VSDATANT.SYS
Thu Aug 19 12:23:11 2004 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Aug 19 12:23:12 2004 => Scanning File C:\WINDOWS\System32\svchost.exe

Thu Aug 19 12:23:12 2004 => ***** Scanning System32 Folders *****
Thu Aug 19 12:23:13 2004 => Scanning C:\WINDOWS Directory
Thu Aug 19 12:23:13 2004 => Scanning Folder: C:\WINDOWS\*.*
Thu Aug 19 12:23:13 2004 => Scanning File C:\WINDOWS\0.log [**]
Thu Aug 19 12:23:13 2004 => Scanning File C:\WINDOWS\Active Setup Log.BAK [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\Active Setup Log.txt [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\ActiveSkin.INI [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\Angler.bmp [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\barcode.ini [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\Blaue Spitzen 16.bmp [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\bootstat.dat [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\capture.ini [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\CDPlayer.INI [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\clock.avi [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\CMMIXER.INI [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\cmuninst.dat [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\cmuninst.exe
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\comsetup.log [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\control.ini [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\corelpf.lrs [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\dahotfix.log [**]
Thu Aug 19 12:23:14 2004 => Scanning File C:\WINDOWS\delttsul.exe
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\desktop.ini [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\DirectTVIcon.ico [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\Directx.log [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\dmachine.inf
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\DtcInstall.log [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\d_eJay2.inf
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\d_eJay4.inf
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\ejaylang.txt [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\ejaymp3.inf
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\ejaymp3x.inf
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\emm386g.dl [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\eraser.exe
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\explorer.exe
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\explorer.scf [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\FaxSetup.log [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\Feder.bmp [**]
Thu Aug 19 12:23:15 2004 => Scanning File C:\WINDOWS\flashax.exe
Thu Aug 19 12:23:16 2004 => Scanning File C:\WINDOWS\Fächer.bmp [**]
Thu Aug 19 12:23:16 2004 => Scanning File C:\WINDOWS\gamestng.reg
Thu Aug 19 12:23:16 2004 => Scanning File C:\WINDOWS\Granit.bmp [**]
Thu Aug 19 12:23:16 2004 => Scanning File C:\WINDOWS\HarryPotter Gryff vs Slyth.scr
Thu Aug 19 12:23:16 2004 => Scanning File C:\WINDOWS\HarryPotter Regret.scr
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\hh.exe
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\ieuninst.exe
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\iis6.log [**]
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\impborl.dll
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\imsins.BAK [**]
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\imsins.log [**]
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\IsUn0407.exe
Thu Aug 19 12:23:17 2004 => Scanning File C:\WINDOWS\IsUninst.exe
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\jautoexp.dat [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\Kaffeetasse.bmp [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB810217.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB821557.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB823182.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB823559.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB824105.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB824141.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB824146.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB825119.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB828028.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB828035.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB828741.log [**]
Thu Aug 19 12:23:18 2004 => Scanning File C:\WINDOWS\KB835732.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB837001.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB839643.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB839645.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB840315.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB840374.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB841873.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\KB842773.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\lexstat.ini [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\lsb_un20.exe
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\LUINSTALL.LOG [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\mickey32.dll
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\Microsoft.MIF [**]
Thu Aug 19 12:23:19 2004 => *** File C:\WINDOWS\mixer.exe having Size Restriction ***
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\mixer.exe [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\mixerdef.ini [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\msdfmap.ini [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\msgsocm.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\msmqinst.log [**]
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\ms_eJay.inf
Thu Aug 19 12:23:19 2004 => Scanning File C:\WINDOWS\muninst.exe
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\netflix.ico [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\NSERVER.INI [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\nsreg.dat [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ntbtlog.txt [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ntdtcsetup.log [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ocgen.log [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ocmsn.log [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ODBC.INI [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\ODBCINST.INI [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\oeuninst.exe
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\OEWABLog.txt [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\PCDLIB32.DLL
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\PMK_setup.ini [**]
Thu Aug 19 12:23:20 2004 => Scanning File C:\WINDOWS\pmxreg.exe
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\POCE98.DLL
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\POCELANG.DLL
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\porsche.ini [**]
Thu Aug 19 12:23:21 2004 => *** File C:\WINDOWS\PORSCHE.SCR having Size Restriction ***
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\PORSCHE.SCR [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\PORSCHE_3D_EVOLUTION.AVI [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Präriewind.bmp [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\pvr2os.dll
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q309521.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q311889.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q311967.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q313450.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q314147.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q314862.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q315000.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q315403.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q317181.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q317277.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q318138.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q319580.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q323172.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q323255.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q324096.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q324380.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q326830.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q328310.log [**]
Thu Aug 19 12:23:21 2004 => Scanning File C:\WINDOWS\Q328940.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329048.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329115.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329170.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329390.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329441.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q329834.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q330994.exe
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q810577.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q811493.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q811630.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q815021.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q817606.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q819696.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Q828026.log [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\readme.ico [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\Readme.txt [**]
Thu Aug 19 12:23:22 2004 => Scanning File C:\WINDOWS\regedit.exe
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\REGLOCS.OLD [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\regopt.log [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Rhododendron.bmp [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Santa Fe-Stuck.bmp [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\SchedLgU.Txt [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Screen Saver.dat
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Screen Saver.dll
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Screen Saver.exe
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Screen Saver.scr
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Seifenblase.bmp [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\sessmgr.setup.log [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\SET3.tmp [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\SET7.tmp [**]
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\setdebug.exe
Thu Aug 19 12:23:23 2004 => Scanning File C:\WINDOWS\Setup1.exe
Thu Aug 19 12:23:24 2004 => Scanning File C:\WINDOWS\setupact.log [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\setupapi.log [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\setuperr.log [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\setuplog.txt [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\sgl2.dll
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\sglmid7b.dll
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\shop.ico [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\smdat32a.sys [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\smdat32m.sys
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\ST6UNST.EXE
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\svcpack.log [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\system.ini [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\TASKMAN.EXE
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\tiscali_it_2.ico [**]
Thu Aug 19 12:23:25 2004 => Scanning File C:\WINDOWS\Touareg.exe
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\Touareg.scr
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\tsoc.log [**]
Thu Aug 19 12:23:26 2004 => *** File C:\WINDOWS\tvt_ssv.exe having Size Restriction ***
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\tvt_ssv.exe [**]
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\tvt_ssv.scr
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\twain.dll
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\twain_32.dll
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\twunk_16.exe
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\twunk_32.exe
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\t_eJay4.inf
Thu Aug 19 12:23:26 2004 => Scanning File C:\WINDOWS\unin0407.exe
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\unvise32qt.exe
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\vb.ini [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\vbaddin.ini [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\vminst.log [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\vmmreg32.dll
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\wiadebug.log [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\wiaservc.log [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\win.ini [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\Winamp.ini [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\winampa.ini [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\Windows Update.log [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\WindowsShell.Manifest [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\WindowsUpdate.log [**]
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\winhelp.exe
Thu Aug 19 12:23:27 2004 => Scanning File C:\WINDOWS\winhlp32.exe
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\winnt.bmp [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\winnt256.bmp [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\wmprfDEU.prx [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\wmsetup.log [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\WMSysPr9.prx [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\WMSysPrx.prx [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\xpsp1hfm.log [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\Zapotek.bmp [**]
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\_default.pif
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\~GLC0000.TMP
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\~GLC0001.TMP
Thu Aug 19 12:23:28 2004 => Scanning File C:\WINDOWS\~GLC0002.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLC0003.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLC0004.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0000.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0001.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0002.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0003.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0004.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0005.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0006.TMP
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\~GLH0007.TMP
eromon
 
Posts: 17
Registered: 13.08.2004, 21:20
Location: Wien

Delete MySearch\bar manually

Post by Nikita on 19.08.2004, 14:23

Well, I didn't actually want the complete log, only this:
If anything appears (<no delet, <no taken action<), note it down or copy it out of the mile-long log and then post it for me (!)
(That is what I had written......) ;)
.............................................................................................................................
#Quote:
Then I have another question: for removing MySearchBar you wrote that I should UNINSTALL C:\Programme\MySearch\bar. Should I just delete the whole folder, or how did you mean that???

It should be obvious that you have to delete EVERYTHING that has to do with this malware (!)

Start<Ausfuehren (Run)<regedit
Go into the registry and delete whatever you find:

HKEY_CLASSES_ROOT\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_CLASSES_ROOT\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_CLASSES_ROOT\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_CLASSES_ROOT\typelib\{53f066f0-a4c0-4f46-83eb-2dfd03f938cf}
HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}
HKEY_LOCAL_MACHINE\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\classes\clsid\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\classes\clsid\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\exact
HKEY_LOCAL_MACHINE\software\exact\branding
HKEY_LOCAL_MACHINE\software\exact\checkinservername
HKEY_LOCAL_MACHINE\software\exact\checkinserverpath
HKEY_LOCAL_MACHINE\software\exact\checkinserverport
HKEY_LOCAL_MACHINE\software\exact\installdir
HKEY_LOCAL_MACHINE\software\exact\partner
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved\{224530a0-c9cb-4aee-9c0f-54ac1b533211}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions\approved\{f9765480-72d1-11d4-a75a-004f49045a87}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar\displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\exact search bar\uninstallstring
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\exact
HKEY_USERS\s-1-5-21-854245398-1788223648-725345543


RESTART


Uninstall
C:\Programme\MySearch\bar
Delete:
C:\Programme\MySearch\bar\1.bin\S4BAR.DLL
C:\WINDOWS\system32\s4bar.dll

cacls.exe-25504e4a.pf
closewindow.exe
exactlog.txt
exactsetup.exe-10a25ae5.pf
exactupdate.exe-29d73d0f.pf
exactupdate00105.exe
glb6.tmp-1a38aaa8.pf
install.log
mg03025.xml
mg03026.xml
mg03027.xml
mg03028.xml
mg03030.xml
mg03031.xml
mg03032.xml
mg03033.xml
mg03034.xml
mg10000.xml
\exact\exacttoolbar.dll
\exacttoolbar00068.dll
\exactupdate.exe
\exactupdate00136.exe
\popularlinks.reg
\system\exacttoolbar.dll
\system\s4bar.dll
\system32\exacctsetup3.exe
\system32\exactsetup.dll
\system32\exacttoolbar.dll
system32\ezstubi.dll
\system32\ezstubi.exe

........................................................................................................

#Make ABSOLUTELY sure to install the Windows updates, unless you want to be a permanent guest here
(if you don't have a CD key, everything except SP1)

....only today I helped a desperate person delete the Blaster worm........He had not installed any updates....

#Also update IE as a matter of urgency (no CD key required)
http://www.microsoft.com/downloads/deta ... B602228DE6

#Also scan with Spysweeper
http://www.spysweeper.com/

Then post the log again (with the updates !!!!)

Regards
Nikita :D
Nikita
Moderator
 
Posts: 11478
Registered: 07.12.2003, 16:53
Location: Lissabon
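
The request above, to post only the entries that matter instead of the whole scan log, can be done mechanically. This is an added example, not part of the original posts: it assumes the `<timestamp> => <message>` line shape of the scanner log in this thread, treats `Scanning ...` and `Size Restriction` lines as routine, and keeps everything else; the wording of the detection line in the sample is constructed, because the thread does not show one.

```python
import re
from collections import Counter

# Line shape seen in the thread's log: "Thu Aug 19 12:23:29 2004 => <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) => (?P<msg>.*)$"
)

# Messages that only report progress. Everything else is kept for posting.
ROUTINE = (
    ("scan", re.compile(r"^Scanning (File|Folder:) ")),
    ("scan", re.compile(r"^Scanning .* Directory$")),
    ("size_restriction",
     re.compile(r"^\*\*\* File .* having Size Restriction \*\*\*$")),
)


def triage(lines):
    """Split a scan log into noteworthy lines and per-category counts."""
    counts = Counter()
    noteworthy = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Not a log line at all: keep it so nothing is silently dropped.
            counts["unparsed"] += 1
            noteworthy.append(line)
            continue
        msg = match.group("msg")
        for label, pattern in ROUTINE:
            if pattern.search(msg):
                counts[label] += 1
                break
        else:
            counts["noteworthy"] += 1
            noteworthy.append(line)
    return noteworthy, counts


# Constructed sample. The first five lines and the last follow the format of
# the log in this thread; the "flagged" line is invented for the example.
SAMPLE_LOG = r"""
Thu Aug 19 12:23:29 2004 => Scanning C:\WINDOWS\System32 Directory
Thu Aug 19 12:23:29 2004 => Scanning Folder: C:\WINDOWS\System32\*.*
Thu Aug 19 12:23:29 2004 => Scanning File C:\WINDOWS\System32\a3d.dll
Thu Aug 19 12:23:38 2004 => *** File C:\WINDOWS\System32\cdosys.dll having Size Restriction ***
Thu Aug 19 12:23:38 2004 => Scanning File C:\WINDOWS\System32\cdosys.dll [**]
Thu Aug 19 12:24:00 2004 => File C:\EXAMPLE\sample.dll flagged (EXAMPLE-DETECTION). No Action Taken.
Thu Aug 19 12:23:46 2004 => Scanning File C:\WINDOWS\System32\c_852.nls [**
""".splitlines()


if __name__ == "__main__":
    keep, stats = triage(SAMPLE_LOG)
    print("\n".join(keep))
    print(dict(stats))
```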
