Home » Viren, Trojaner & Malware Forum » Trojanisches Pferd /Buddy.f Bekomme ihn nicht weg » Themenansicht
Trojanisches Pferd /Buddy.f Bekomme ihn nicht weg |
||
|---|---|---|
| #0
| ||
|
16.06.2005, 10:25
Ehrenmitglied
 Beiträge: 29434 |
||
 
|
|
|
|
16.06.2005, 14:24
Member
Beiträge: 11 |
#32
hallo Sabina:
hab versucht die datei C:\WINDOWS2\system32\pfopaf.exe zu löschen, aber bevor der pc den neustart gemacht hat kam diese meldung: PendingFileRenameOperations Registry Data has been Removed by External Process. MfG Dsching |
|
|
|
|
|
|
16.06.2005, 14:25
Ehrenmitglied
Beiträge: 29434 |
||
|
|
|
|
|
16.06.2005, 15:01
Member
Beiträge: 11 |
#34
so hier der bericht vom scan
D:\Downloads\Internet Related\rkfiles PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ ------------------------ C:\WINDOWS2\system32\kqqlfm.exe: UPX! C:\WINDOWS2\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 C:\WINDOWS2\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 Files Found in all users startup Folder............ ------------------------ C:\WINDOWS2\system32\kqqlfm.exe: UPX! Files Found in all users windows Folder............ ------------------------ C:\WINDOWS2\daemon.dll: UPX! Finished bye MfG Dsching |
|
|
|
|
|
|
16.06.2005, 21:14
...neu hier
Beiträge: 6 |
#35
Hallo Sabina,
hier der Log von escan: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Thu Jun 16 19:06:31 2005 => File c:\windows\system32\mqtcba.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 2: Thu Jun 16 19:06:53 2005 => File c:\windows\system32\mqtcba.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 3: Thu Jun 16 19:07:11 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken. 4: Thu Jun 16 19:07:12 2005 => System found infected with Bargain Buddy Spyware/Adware ({f4e04583-354e-4076-be7d-ed6a80fd66da})! Action taken: No Action Taken. 5: Thu Jun 16 19:07:14 2005 => System found infected with AltnetBDE Spyware/Adware (adm4.adm4)! Action taken: No Action Taken. 6: Thu Jun 16 19:07:14 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.adm25)! Action taken: No Action Taken. 7: Thu Jun 16 19:07:22 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken. 8: Thu Jun 16 19:07:22 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken. 9: Thu Jun 16 19:07:23 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken. 10: Thu Jun 16 19:21:53 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* 11: Thu Jun 16 19:21:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\A0021624.EXE.VIR 12: Thu Jun 16 19:21:53 2005 => File C:\Programme\AVPersonal\INFECTED\A0021624.EXE.VIR infected by "Trojan-Downloader.Win32.Keenval.f" Virus! Action Taken: No Action Taken. 13: Thu Jun 16 19:21:53 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SEARCHUPGRADERINSTALL_110.EXE.001 14: Thu Jun 16 19:21:54 2005 => File C:\Programme\AVPersonal\INFECTED\SEARCHUPGRADERINSTALL_110.EXE.001 infected by "Trojan-Downloader.Win32.Keenval.g" Virus! Action Taken: No Action Taken. 15: Thu Jun 16 19:21:54 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SEARCHUPGRADERINSTALL_110.EXE.VIR 16: Thu Jun 16 19:21:54 2005 => File C:\Programme\AVPersonal\INFECTED\SEARCHUPGRADERINSTALL_110.EXE.VIR infected by "Trojan-Downloader.Win32.Keenval.g" Virus! Action Taken: No Action Taken. 17: Thu Jun 16 19:21:54 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SET1E45.TMP.VIR 18: Thu Jun 16 19:21:54 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SETUP.EXE.001 19: Thu Jun 16 19:21:54 2005 => File C:\Programme\AVPersonal\INFECTED\SETUP.EXE.001 infected by "Trojan-Downloader.Win32.Small.alx" Virus! Action Taken: No Action Taken. 20: Thu Jun 16 19:21:54 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\SETUP.EXE.VIR 21: Thu Jun 16 19:21:54 2005 => File C:\Programme\AVPersonal\INFECTED\SETUP.EXE.VIR infected by "Trojan-Downloader.Win32.Small.alx" Virus! Action Taken: No Action Taken. 22: Thu Jun 16 19:49:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP153\A0021319.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 23: Thu Jun 16 19:49:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP153\A0021320.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 24: Thu Jun 16 19:49:59 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP153\A0021340.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 25: Thu Jun 16 19:49:59 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP153\A0021341.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 26: Thu Jun 16 19:50:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP154\A0021411.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 27: Thu Jun 16 19:50:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP154\A0021412.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 28: Thu Jun 16 19:50:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP155\A0021490.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 29: Thu Jun 16 19:50:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP155\A0021491.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 30: Thu Jun 16 19:50:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP156\A0021540.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 31: Thu Jun 16 19:50:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP157\A0021609.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 32: Thu Jun 16 19:50:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP157\A0021610.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 33: Thu Jun 16 19:50:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP158\A0021625.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus! Action Taken: No Action Taken. 34: Thu Jun 16 19:51:18 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP159\A0021731.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 35: Thu Jun 16 19:51:18 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP159\A0021732.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 36: Thu Jun 16 19:51:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP159\A0021769.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 37: Thu Jun 16 19:51:22 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP160\A0021797.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 38: Thu Jun 16 19:51:23 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP160\A0021798.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 39: Thu Jun 16 19:51:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0021974.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 40: Thu Jun 16 19:51:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0021975.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 41: Thu Jun 16 19:51:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0021979.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 42: Thu Jun 16 19:51:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0021980.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 43: Thu Jun 16 19:51:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0022023.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 44: Thu Jun 16 19:51:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP162\A0022024.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 45: Thu Jun 16 19:51:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022058.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 46: Thu Jun 16 19:51:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022059.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 47: Thu Jun 16 19:51:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022088.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 48: Thu Jun 16 19:51:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022089.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 49: Thu Jun 16 19:51:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022104.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 50: Thu Jun 16 19:51:52 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP163\A0022105.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 51: Thu Jun 16 19:52:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022163.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 52: Thu Jun 16 19:52:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022169.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 53: Thu Jun 16 19:52:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022170.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 54: Thu Jun 16 19:52:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022198.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 55: Thu Jun 16 19:52:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022199.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 56: Thu Jun 16 19:52:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022220.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 57: Thu Jun 16 19:52:07 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022221.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 58: Thu Jun 16 19:52:25 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022261.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 59: Thu Jun 16 19:52:26 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022277.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 60: Thu Jun 16 19:52:26 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022278.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 61: Thu Jun 16 19:52:27 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022302.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 62: Thu Jun 16 19:52:27 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP164\A0022303.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 63: Thu Jun 16 19:52:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022406.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 64: Thu Jun 16 19:52:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022407.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 65: Thu Jun 16 19:52:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022420.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 66: Thu Jun 16 19:52:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022421.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 67: Thu Jun 16 19:52:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022434.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 68: Thu Jun 16 19:52:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022453.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 69: Thu Jun 16 19:52:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022466.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 70: Thu Jun 16 19:52:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022467.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 71: Thu Jun 16 19:52:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022489.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 72: Thu Jun 16 19:52:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022490.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 73: Thu Jun 16 19:52:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022501.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 74: Thu Jun 16 19:52:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022502.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 75: Thu Jun 16 19:52:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022508.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 76: Thu Jun 16 19:52:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022527.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 77: Thu Jun 16 19:52:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP165\A0022528.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Thu Jun 16 19:08:34 2005 => File C:\WINDOWS\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. 2: Thu Jun 16 19:16:52 2005 => File C:\Dokumente und Einstellungen\Download\Videos\larry8_plus7.zip tagged as not-a-virus:CrackTool.Win32.HotHook. No Action Taken. 3: Thu Jun 16 19:22:07 2005 => File C:\Programme\BitTorrent\uninstall.exe tagged as not-a-virus:Tool.Win32.Processor.1001. No Action Taken. 4: Thu Jun 16 19:40:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP103\A0013319.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 5: Thu Jun 16 19:40:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP103\A0013342.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 6: Thu Jun 16 19:40:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP103\A0013343.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 7: Thu Jun 16 19:40:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP103\A0013344.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 8: Thu Jun 16 19:40:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP104\A0013374.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 9: Thu Jun 16 19:41:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP104\A0013449.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 10: Thu Jun 16 19:41:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP104\A0013450.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 11: Thu Jun 16 19:41:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP104\A0013451.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 12: Thu Jun 16 19:41:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013480.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 13: Thu Jun 16 19:41:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013511.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 14: Thu Jun 16 19:41:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013512.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 15: Thu Jun 16 19:41:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013513.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 16: Thu Jun 16 19:41:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013531.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 17: Thu Jun 16 19:41:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013546.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 18: Thu Jun 16 19:41:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013547.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 19: Thu Jun 16 19:41:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP105\A0013548.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 20: Thu Jun 16 19:41:08 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP106\A0013577.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 21: Thu Jun 16 19:41:08 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP106\A0013596.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 22: Thu Jun 16 19:41:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP106\A0013605.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 23: Thu Jun 16 19:41:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP106\A0013607.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 24: Thu Jun 16 19:41:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP106\A0013609.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 25: Thu Jun 16 19:41:11 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP107\A0013636.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 26: Thu Jun 16 19:41:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP107\A0013656.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 27: Thu Jun 16 19:41:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP107\A0013657.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 28: Thu Jun 16 19:41:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP107\A0013658.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 29: Thu Jun 16 19:41:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP108\A0013676.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 30: Thu Jun 16 19:41:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP108\A0013692.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 31: Thu Jun 16 19:41:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP108\A0013693.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 32: Thu Jun 16 19:41:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP108\A0013694.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 33: Thu Jun 16 19:41:15 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP108\A0013710.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 34: Thu Jun 16 19:41:17 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP109\A0013737.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 35: Thu Jun 16 19:41:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP109\A0013781.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 36: Thu Jun 16 19:41:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP109\A0013782.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 37: Thu Jun 16 19:41:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP109\A0013783.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 38: Thu Jun 16 19:41:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP109\A0013790.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 39: Thu Jun 16 19:41:23 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013840.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 40: Thu Jun 16 19:41:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013868.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 41: Thu Jun 16 19:41:25 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013876.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 42: Thu Jun 16 19:41:25 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013895.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 43: Thu Jun 16 19:41:26 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013902.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 44: Thu Jun 16 19:41:26 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013907.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 45: Thu Jun 16 19:41:26 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP110\A0013909.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 46: Thu Jun 16 19:41:27 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP111\A0013924.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 47: Thu Jun 16 19:41:29 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP111\A0013962.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 48: Thu Jun 16 19:41:29 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP111\A0013970.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 49: Thu Jun 16 19:41:29 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP111\A0013972.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 50: Thu Jun 16 19:41:29 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP111\A0013973.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 51: Thu Jun 16 19:41:31 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014000.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 52: Thu Jun 16 19:41:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014041.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 53: Thu Jun 16 19:41:33 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014049.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 54: Thu Jun 16 19:41:33 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014051.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 55: Thu Jun 16 19:41:33 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014052.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 56: Thu Jun 16 19:41:41 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP112\A0014090.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 57: Thu Jun 16 19:41:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014130.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 58: Thu Jun 16 19:41:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014138.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 59: Thu Jun 16 19:41:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014140.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 60: Thu Jun 16 19:41:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014141.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 61: Thu Jun 16 19:41:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014156.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 62: Thu Jun 16 19:41:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014184.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 63: Thu Jun 16 19:41:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014198.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 64: Thu Jun 16 19:41:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014199.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 65: Thu Jun 16 19:41:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP113\A0014200.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 66: Thu Jun 16 19:41:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP114\A0014214.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 67: Thu Jun 16 19:41:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP114\A0014244.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 68: Thu Jun 16 19:41:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP114\A0014277.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 69: Thu Jun 16 19:41:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP114\A0014278.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 70: Thu Jun 16 19:41:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP114\A0014279.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 71: Thu Jun 16 19:41:52 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP115\A0014311.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 72: Thu Jun 16 19:41:55 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP115\A0014335.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 73: Thu Jun 16 19:41:56 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP115\A0014343.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 74: Thu Jun 16 19:41:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP116\A0014379.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 75: Thu Jun 16 19:41:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP116\A0014388.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 76: Thu Jun 16 19:41:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP116\A0014390.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 77: Thu Jun 16 19:41:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP116\A0014391.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 78: Thu Jun 16 19:41:59 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP116\A0014407.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 79: Thu Jun 16 19:42:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014429.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 80: Thu Jun 16 19:42:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014433.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken. 81: Thu Jun 16 19:42:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014441.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 82: Thu Jun 16 19:42:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014443.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 83: Thu Jun 16 19:42:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014444.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 84: Thu Jun 16 19:42:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014471.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 85: Thu Jun 16 19:42:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014486.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 86: Thu Jun 16 19:42:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014487.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 87: Thu Jun 16 19:42:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\A0014488.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 88: Thu Jun 16 19:42:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP117\snapshot\MFEX-1.DAT tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 89: Thu Jun 16 19:42:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP118\A0014512.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 90: Thu Jun 16 19:42:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP118\A0014528.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 91: Thu Jun 16 19:42:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP118\A0014529.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 92: Thu Jun 16 19:42:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP118\A0014530.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 93: Thu Jun 16 19:42:08 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014553.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 94: Thu Jun 16 19:42:08 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014562.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 95: Thu Jun 16 19:42:08 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014563.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 96: Thu Jun 16 19:42:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014564.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 97: Thu Jun 16 19:42:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014590.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 98: Thu Jun 16 19:42:13 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014616.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 99: Thu Jun 16 19:42:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014632.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 100: Thu Jun 16 19:42:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014633.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 101: Thu Jun 16 19:42:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014634.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 102: Thu Jun 16 19:42:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014645.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 103: Thu Jun 16 19:42:16 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014679.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 104: Thu Jun 16 19:42:17 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014708.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 105: Thu Jun 16 19:42:17 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014709.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 106: Thu Jun 16 19:42:17 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014710.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 107: Thu Jun 16 19:42:19 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014727.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 108: Thu Jun 16 19:42:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014743.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 109: Thu Jun 16 19:42:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014744.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 110: Thu Jun 16 19:42:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014745.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 111: Thu Jun 16 19:42:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014766.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 112: Thu Jun 16 19:42:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014780.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 113: Thu Jun 16 19:42:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014781.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 114: Thu Jun 16 19:42:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014782.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 115: Thu Jun 16 19:42:22 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014794.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 116: Thu Jun 16 19:42:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014838.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 117: Thu Jun 16 19:42:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014851.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 118: Thu Jun 16 19:42:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014852.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 119: Thu Jun 16 19:42:24 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP119\A0014853.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 120: Thu Jun 16 19:42:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0014928.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 121: Thu Jun 16 19:45:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016199.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 122: Thu Jun 16 19:45:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016214.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 123: Thu Jun 16 19:45:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016215.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 124: Thu Jun 16 19:45:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016216.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 125: Thu Jun 16 19:45:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016224.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 126: Thu Jun 16 19:45:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016249.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 127: Thu Jun 16 19:45:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016262.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 128: Thu Jun 16 19:45:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016263.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 129: Thu Jun 16 19:45:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016265.exe tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken. 130: Thu Jun 16 19:45:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016266.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 131: Thu Jun 16 19:45:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016283.dll tagged as "not-a-virus:AdWare.BargainBuddy.l". Action Taken: No Action Taken. 132: Thu Jun 16 19:45:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016284.exe tagged as "not-a-virus:AdWare.BargainBuddy.y". Action Taken: No Action Taken. 133: Thu Jun 16 19:45:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016288.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 134: Thu Jun 16 19:45:10 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016312.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 135: Thu Jun 16 19:45:11 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016330.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 136: Thu Jun 16 19:45:11 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016331.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 137: Thu Jun 16 19:45:11 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP120\A0016332.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 138: Thu Jun 16 19:45:43 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016414.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 139: Thu Jun 16 19:45:44 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016448.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 140: Thu Jun 16 19:45:45 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016481.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 141: Thu Jun 16 19:45:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016493.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 142: Thu Jun 16 19:45:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016494.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 143: Thu Jun 16 19:45:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016495.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 144: Thu Jun 16 19:45:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016504.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 145: Thu Jun 16 19:45:48 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016528.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 146: Thu Jun 16 19:45:50 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016559.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 147: Thu Jun 16 19:45:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016560.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 148: Thu Jun 16 19:45:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016561.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 149: Thu Jun 16 19:45:51 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016570.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 150: Thu Jun 16 19:45:52 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016597.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 151: Thu Jun 16 19:45:53 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016612.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 152: Thu Jun 16 19:45:53 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016613.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 153: Thu Jun 16 19:45:53 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016614.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 154: Thu Jun 16 19:45:54 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016622.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 155: Thu Jun 16 19:45:56 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP122\A0016652.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 156: Thu Jun 16 19:45:57 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP123\A0016672.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 157: Thu Jun 16 19:45:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP123\A0016689.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 158: Thu Jun 16 19:45:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP123\A0016690.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 159: Thu Jun 16 19:45:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP123\A0016691.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 160: Thu Jun 16 19:45:59 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP123\A0016703.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 161: Thu Jun 16 19:46:00 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016720.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 162: Thu Jun 16 19:46:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016736.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 163: Thu Jun 16 19:46:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016737.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 164: Thu Jun 16 19:46:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016738.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 165: Thu Jun 16 19:46:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016765.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 166: Thu Jun 16 19:46:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016779.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 167: Thu Jun 16 19:46:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016796.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 168: Thu Jun 16 19:46:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016797.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 169: Thu Jun 16 19:46:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016798.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 170: Thu Jun 16 19:46:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP124\A0016806.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 171: Thu Jun 16 19:46:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016828.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 172: Thu Jun 16 19:46:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016847.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 173: Thu Jun 16 19:46:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016870.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 174: Thu Jun 16 19:46:10 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016871.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 175: Thu Jun 16 19:46:10 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016872.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 176: Thu Jun 16 19:46:10 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016879.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 177: Thu Jun 16 19:46:11 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016904.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 178: Thu Jun 16 19:46:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016919.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 179: Thu Jun 16 19:46:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016920.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 180: Thu Jun 16 19:46:12 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP125\A0016921.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 181: Thu Jun 16 19:46:13 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016934.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 182: Thu Jun 16 19:46:14 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016953.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 183: Thu Jun 16 19:46:15 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016968.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 184: Thu Jun 16 19:46:16 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016985.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 185: Thu Jun 16 19:46:16 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016986.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 186: Thu Jun 16 19:46:16 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016987.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 187: Thu Jun 16 19:46:16 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0016996.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 188: Thu Jun 16 19:46:18 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP126\A0017033.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 189: Thu Jun 16 19:46:19 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017046.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 190: Thu Jun 16 19:46:19 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017047.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 191: Thu Jun 16 19:46:19 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017048.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 192: Thu Jun 16 19:46:20 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017054.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 193: Thu Jun 16 19:46:21 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017079.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 194: Thu Jun 16 19:46:22 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017118.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 195: Thu Jun 16 19:46:27 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017148.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 196: Thu Jun 16 19:46:27 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017149.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 197: Thu Jun 16 19:46:28 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017150.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 198: Thu Jun 16 19:46:28 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP127\A0017157.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 199: Thu Jun 16 19:46:30 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017178.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 200: Thu Jun 16 19:46:31 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017207.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 201: Thu Jun 16 19:46:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017231.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 202: Thu Jun 16 19:46:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017240.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 203: Thu Jun 16 19:46:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017244.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 204: Thu Jun 16 19:46:32 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017246.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 205: Thu Jun 16 19:46:34 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP128\A0017255.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 206: Thu Jun 16 19:46:37 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP129\A0017294.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 207: Thu Jun 16 19:46:40 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP130\A0017335.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 208: Thu Jun 16 19:46:40 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP130\A0017336.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 209: Thu Jun 16 19:46:40 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP130\A0017337.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 210: Thu Jun 16 19:46:42 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP131\A0017343.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 211: Thu Jun 16 19:46:43 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP131\A0017362.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 212: Thu Jun 16 19:46:46 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP131\A0017393.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 213: Thu Jun 16 19:46:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP131\A0017394.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 214: Thu Jun 16 19:46:47 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP131\A0017395.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 215: Thu Jun 16 19:46:49 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017428.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 216: Thu Jun 16 19:46:55 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017479.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 217: Thu Jun 16 19:46:55 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017494.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 218: Thu Jun 16 19:46:55 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017495.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 219: Thu Jun 16 19:46:55 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017496.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 220: Thu Jun 16 19:46:56 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017512.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 221: Thu Jun 16 19:46:57 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017544.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 222: Thu Jun 16 19:46:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017557.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 223: Thu Jun 16 19:46:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017558.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 224: Thu Jun 16 19:46:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017559.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 225: Thu Jun 16 19:46:58 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP132\A0017568.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 226: Thu Jun 16 19:47:00 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017585.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 227: Thu Jun 16 19:47:01 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017604.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 228: Thu Jun 16 19:47:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017616.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 229: Thu Jun 16 19:47:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017617.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 230: Thu Jun 16 19:47:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017618.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 231: Thu Jun 16 19:47:02 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017627.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 232: Thu Jun 16 19:47:03 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017642.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 233: Thu Jun 16 19:47:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017665.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 234: Thu Jun 16 19:47:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017666.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 235: Thu Jun 16 19:47:04 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017667.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 236: Thu Jun 16 19:47:05 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017677.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 237: Thu Jun 16 19:47:06 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017696.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 238: Thu Jun 16 19:47:07 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017721.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 239: Thu Jun 16 19:47:07 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017732.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 240: Thu Jun 16 19:47:07 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017733.exe tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 241: Thu Jun 16 19:47:07 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP133\A0017734.vxd tagged as "not-a-virus:AdWare.BargainBuddy.q". Action Taken: No Action Taken. 242: Thu Jun 16 19:47:09 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP134\A0017754.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 243: Thu Jun 16 19:47:10 2005 => File C:\System Volume Information\_restore{24289D6B-06F0-4CA6-9916-0832760BBC54}\RP134\A0017771.exe tagged as "not-a-virus:AdWare.WebSearch.ac". Action Taken: No Action Taken. 244: Thu Jun 16 19:47:11 2005 => File C:\Syst |
|
|
|
|
|
|
17.06.2005, 13:00
Ehrenmitglied
Beiträge: 29434 |
#36
Hallo@Erwin
Deaktivieren Wiederherstellung (dann aktiviere sie wieder) http://virus-protect.org/Systemwiederherstellung.html «XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. loesche mit der Killbox: c:\windows\system32\mqtcba.exe c:\windows\system32\kxhpwmr.exe C:\WINDOWS\Nail.exe C:\WINDOWS\WAOL.EXE PC neustarten Fixe mit dem HijackThis: F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O4 - HKLM\..\Run: [hlofbvr] c:\windows\system32\kxhpwmr.exe r PC neustarten CCleaner--> loesche alle *temp-Datein http://virus-protect.org/temp.html  Zitat Hallo Sabina, Start--> Ausfuehren--> cmd--> kopiere nur die Eintraege der letzten Tage raus einzeln reinkopieren: cd\ cd %windir%\system32 dir /a:-d /o:-d > %systemdrive%\system32.txt start %systemdrive%\system32.txt cls exit cd\ cd %temp%\ dir /a:-d /o:-d > %systemdrive%\systemtemp.txt start %systemdrive%\systemtemp.txt cls exit cd\ cd %windir% dir /a:-d /o:-d > %systemdrive%\system.txt start %systemdrive%\system.txt cls exit cd\ dir /a:-d /o:-d > %systemdrive%\sys.txt start %systemdrive%\sys.txt cls exit __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.06.2005, 13:02
Ehrenmitglied
Beiträge: 29434 |
#37
Hallo@Dsching
Loesche:C:\WINDOWS2\system32\kqqlfm.exe (mit der killbox) Deaktivieren Wiederherstellung (dann aktiviere sie wieder) «XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. http://virus-protect.org/Systemwiederherstellung.html dann: scanne mit escan--> im abgesicherten Modus  http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
17.06.2005, 17:27
Member
Beiträge: 11 |
#38
Hallo Sabina
ich hab versucht die datei zu löschen, aber es kam die selbe meldung wie beim letzten mal. wenn ich mit selber rebooten mache kommt die meldung ,dass die datei anscheinend nicht existiert. |
|
|
|
|
|
|
17.06.2005, 23:56
Ehrenmitglied
Beiträge: 29434 |
#39
Hallo@Dsching
die Datei scheint sich staendig umzubennen dann: scanne mit escan--> im abgesicherten Modus http://virus-protect.org/escan.html __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
18.06.2005, 12:46
Member
Beiträge: 11 |
#40
Hallo Sabina,
hier ist der Bericht vom Escan: -------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Sat Jun 18 11:49:42 2005 => File c:\windows2\system32\jmjsdwo.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 2: Sat Jun 18 11:49:57 2005 => File c:\windows2\system32\jmjsdwo.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 3: Sat Jun 18 11:50:09 2005 => File C:\WINDOWS2\svcproc.exe infected by "Trojan.Win32.Stervis.c" Virus! Action Taken: No Action Taken. 4: Sat Jun 18 11:50:12 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. 5: Sat Jun 18 11:51:45 2005 => File C:\WINDOWS2\System32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken. 6: Sat Jun 18 11:58:34 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* 7: Sat Jun 18 11:58:36 2005 => Scanning Folder: C:\Programme\AVWin\INFECTED\*.* 8: Sat Jun 18 11:58:36 2005 => Scanning Folder: C:\Programme\AVWin\MAIL\INFECTED\*.* 9: Sat Jun 18 12:04:11 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP30\A0016094.exe infected by "Trojan-Dropper.Win32.Small.ih" Virus! Action Taken: No Action Taken. 10: Sat Jun 18 12:04:21 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP44\A0017294.exe infected by "Trojan.Win32.Revop.c" Virus! Action Taken: No Action Taken. 11: Sat Jun 18 12:04:23 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP46\A0018325.exe infected by "Backdoor.Win32.Ruledor.e" Virus! Action Taken: No Action Taken. 12: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036053.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 13: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036054.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 14: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036055.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 15: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036056.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 16: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036057.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken. 17: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036061.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken. 18: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036066.exe infected by "Backdoor.Win32.Ruledor.e" Virus! Action Taken: No Action Taken. 19: Sat Jun 18 12:05:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036074.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus! Action Taken: No Action Taken. 20: Sat Jun 18 12:05:21 2005 => File C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000005.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 21: Sat Jun 18 12:05:22 2005 => File C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000006.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 22: Sat Jun 18 12:05:22 2005 => File C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000012.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 23: Sat Jun 18 12:05:22 2005 => File C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000018.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 24: Sat Jun 18 12:11:14 2005 => File C:\WINDOWS2\system32\DrPMon.dll infected by "Trojan.Win32.Agent.db" Virus! Action Taken: No Action Taken. 25: Sat Jun 18 12:38:50 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.* 26: Sat Jun 18 12:38:50 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\GETACCESS.CLASS-4C88EB1C-21B3F5F8.CLASS.VIR [**] -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Sat Jun 18 11:51:24 2005 => File C:\WINDOWS2\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. 2: Sat Jun 18 11:51:24 2005 => File C:\WINDOWS2\niigfxaoyb.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken. 3: Sat Jun 18 11:51:26 2005 => File C:\WINDOWS2\vmrryu.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. 4: Sat Jun 18 11:55:07 2005 => File C:\Dokumente und Einstellungen\Frederik\Lokale Einstellungen\Temp\msbbhook.dll tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken. 5: Sat Jun 18 11:58:19 2005 => File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken. 6: Sat Jun 18 12:04:22 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP45\A0018317.dll tagged as "not-a-virus:AdWare.Sidesearch.b". Action Taken: No Action Taken. 7: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033890.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 8: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033891.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 9: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033892.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 10: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034890.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 11: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034891.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 12: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034892.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 13: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034897.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 14: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034898.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 15: Sat Jun 18 12:04:55 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034899.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 16: Sat Jun 18 12:04:56 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035902.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 17: Sat Jun 18 12:04:56 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035903.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 18: Sat Jun 18 12:04:56 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035904.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 19: Sat Jun 18 12:05:00 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036028.DLL tagged as "not-a-virus:AdWare.ClearSearch.k". Action Taken: No Action Taken. 20: Sat Jun 18 12:05:01 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036029.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 21: Sat Jun 18 12:05:01 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036030.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 22: Sat Jun 18 12:05:01 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036031.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 23: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036050.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken. 24: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036051.DLL tagged as "not-a-virus:AdWare.ClearSearch.x". Action Taken: No Action Taken. 25: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036052.exe tagged as "not-a-virus:AdWare.ClearSearch.f". Action Taken: No Action Taken. 26: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036059.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken. 27: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036060.exe tagged as "not-a-virus:AdWare.Sahat.a". Action Taken: No Action Taken. 28: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036062.exe tagged as "not-a-virus:AdWare.BiSpy.f". Action Taken: No Action Taken. 29: Sat Jun 18 12:05:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036065.DLL tagged as "not-a-virus:AdWare.ClearSearch.b". Action Taken: No Action Taken. 30: Sat Jun 18 12:05:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036075.dll tagged as "not-a-virus:AdWare.BiSpy.m". Action Taken: No Action Taken. 31: Sat Jun 18 12:05:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036076.DLL tagged as "not-a-virus:AdWare.ClearSearch.k". Action Taken: No Action Taken. 32: Sat Jun 18 12:05:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036077.dll tagged as "not-a-virus:AdWare.Sidesearch.c". Action Taken: No Action Taken. 33: Sat Jun 18 12:05:22 2005 => File C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000014.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. 34: Sat Jun 18 12:07:43 2005 => File C:\WINDOWS2\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. 35: Sat Jun 18 12:07:43 2005 => File C:\WINDOWS2\Neuer Ordner\Nail.exe tagged as "not-a-virus:AdWare.BetterInternet.b". Action Taken: No Action Taken. 36: Sat Jun 18 12:07:44 2005 => File C:\WINDOWS2\niigfxaoyb.exe tagged as "not-a-virus:AdWare.BetterInternet". Action Taken: No Action Taken. 37: Sat Jun 18 12:12:54 2005 => File C:\WINDOWS2\vmrryu.exe tagged as "not-a-virus:AdWare.BetterInternet.c". Action Taken: No Action Taken. 38: Sat Jun 18 12:12:57 2005 => File D:\Downloads\Benaliases5.5a.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 39: Sat Jun 18 12:13:07 2005 => File D:\Downloads\Game Related\Benaliasesger5.5.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 40: Sat Jun 18 12:13:07 2005 => File D:\Downloads\Game Related\CS maps\EsseXScriptpack2.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 41: Sat Jun 18 12:13:26 2005 => File D:\Downloads\Game Related\pod25install.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 42: Sat Jun 18 12:13:41 2005 => File D:\Downloads\Internet Related\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken. 43: Sat Jun 18 12:16:04 2005 => File D:\Games\CS\SvenCoop\UpdateSC.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 44: Sat Jun 18 12:39:15 2005 => File D:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000021.exe tagged as "not-a-virus  orn-Dialer.Win32.Star". Action Taken: No Action Taken.-------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Sat Jun 18 11:50:32 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS2\Downloaded Program Files\miniclipGameLoader.dll". Action Taken: No Action Taken. 2: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\IDAPINST.DLL". Action Taken: No Action Taken. 3: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_MSS.CNF". Action Taken: No Action Taken. 4: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_SYB.CNF". Action Taken: No Action Taken. 5: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INT.CNF". Action Taken: No Action Taken. 6: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_ORA.CNF". Action Taken: No Action Taken. 7: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_ORA8.CNF". Action Taken: No Action Taken. 8: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INF.CNF". Action Taken: No Action Taken. 9: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INF9.CNF". Action Taken: No Action Taken. 10: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_DB2.CNF". Action Taken: No Action Taken. 11: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_SSC.CNF". Action Taken: No Action Taken. 12: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\sql_DBv5.CNF". Action Taken: No Action Taken. 13: Sat Jun 18 11:50:33 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS2\Downloaded Program Files\miniclipGameLoader.dll". Action Taken: No Action Taken. 14: Sat Jun 18 11:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSGRGE32.DLL". Action Taken: No Action Taken. 15: Sat Jun 18 11:50:34 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSGR_GE.LEX". Action Taken: No Action Taken. 16: Sat Jun 18 11:50:39 2005 => Entry "HKCR\CLSID\{018FDBA7-1999-415F-9BED-DF47E0B818BD}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 17: Sat Jun 18 11:50:39 2005 => Entry "HKCR\CLSID\{02D4863E-154F-40C3-9FF1-31F2F0F62A47}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 18: Sat Jun 18 11:50:45 2005 => Entry "HKCR\CLSID\{5E4F85E7-E6AC-4BC3-8C04-0A62D65C4278}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 19: Sat Jun 18 11:50:48 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 20: Sat Jun 18 11:50:48 2005 => Entry "HKCR\CLSID\{852BAC69-85C1-4E22-A9F5-4A6D9100B6A4}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 21: Sat Jun 18 11:50:48 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 22: Sat Jun 18 11:50:51 2005 => Entry "HKCR\CLSID\{b350124f-37ed-4306-adc6-15b89096c14a}" refers to invalid object "d:\games\ea sports\fifa 2003\becontrols_pc_z.dll". Action Taken: No Action Taken. 23: Sat Jun 18 11:50:54 2005 => Entry "HKCR\CLSID\{D2DCCD86-F9B5-49C4-B4E2-481DF99E44AB}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 24: Sat Jun 18 11:50:55 2005 => Entry "HKCR\CLSID\{d8c327ff-e3c4-45f7-8fe5-a78084208dfa}" refers to invalid object "d:\games\ea sports\fifa 2003\becontrols_pc_z.dll". Action Taken: No Action Taken. 25: Sat Jun 18 11:50:55 2005 => Entry "HKCR\CLSID\{E3B1561E-0A04-42a2-86F7-9829CE20E959}" refers to invalid object "d:\games\ea sports\fifa 2003\browserengine2.dll". Action Taken: No Action Taken. 26: Sat Jun 18 11:50:56 2005 => Entry "HKCR\CLSID\{ECFA7321-14D6-4B33-8106-273E71ED05E8}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 27: Sat Jun 18 11:51:03 2005 => Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 28: Sat Jun 18 11:51:03 2005 => Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 29: Sat Jun 18 11:51:16 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 30: Sat Jun 18 11:51:16 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 31: Sat Jun 18 11:51:17 2005 => Entry "HKCR\retro64_loader.R64Loader" refers to invalid object "{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}". Action Taken: No Action Taken. 32: Sat Jun 18 11:51:17 2005 => Entry "HKCR\retro64_loader.R64Loader.1" refers to invalid object "{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}". Action Taken: No Action Taken. 33: Sat Jun 18 11:51:21 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 34: Sat Jun 18 11:51:21 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 35: Sat Jun 18 11:51:21 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 36: Sat Jun 18 11:51:21 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 37: Sat Jun 18 12:36:27 2005 => Result: ERROR!!! File D:\Games\WarCraft3\Aufkl?rung.doc: Scanning Failure!!! 38: Sat Jun 18 12:36:27 2005 => ERROR!!! ScanFile fails for D:\Games\WarCraft3\Aufkl?rung.doc 39: Sat Jun 18 12:36:56 2005 => Result: ERROR!!! File D:\Games\wc3\Aufkl?rung.doc: Scanning Failure!!! 40: Sat Jun 18 12:36:56 2005 => ERROR!!! ScanFile fails for D:\Games\wc3\Aufkl?rung.doc -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: c:\windows2\system32\jmjsdwo.exe => Trojan.Win32.Agent.ay 2: C:\WINDOWS2\svcproc.exe => Trojan.Win32.Stervis.c 3: C:\WINDOWS2\System32\DrPMon.dll => Trojan.Win32.Agent.db 4: C:\Program Files\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.14. 5: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP30\A0016094.exe => Trojan-Dropper.Win32.Small.ih 6: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP44\A0017294.exe => Trojan.Win32.Revop.c 7: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP46\A0018325.exe => Backdoor.Win32.Ruledor.e 8: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036053.exe => Trojan-Downloader.Win32.Keenval 9: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036054.exe => Trojan-Downloader.Win32.Keenval 10: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036055.exe => Trojan-Downloader.Win32.Keenval 11: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036056.exe => Trojan-Downloader.Win32.Keenval 12: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036057.dll => Trojan-Downloader.Win32.Keenval.e 13: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036061.exe => Trojan-Downloader.Win32.Keenval.e 14: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036066.exe => Backdoor.Win32.Ruledor.e 15: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036074.dll => Trojan-Clicker.Win32.Delf.r 16: C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000005.exe => Trojan.Win32.Agent.ay 17: C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000006.exe => Trojan.Win32.Agent.ay 18: C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000012.exe => Trojan.Win32.Agent.ay 19: C:\System Volume Information\_restore{CD948B1E-61DC-4C6E-A5A2-B9913B7139F7}\RP1\A0000018.exe => Trojan.Win32.Agent.ay 20: C:\WINDOWS2\system32\DrPMon.dll => Trojan.Win32.Agent.db 21: D:\Downloads\Benaliases5.5a.exe => tagged:Tool.Win32.Reboot. 22: D:\Downloads\Game Related\Benaliasesger5.5.exe => tagged:Tool.Win32.Reboot. 23: D:\Downloads\Game Related\CS maps\EsseXScriptpack2.2.exe => tagged:Tool.Win32.Reboot. 24: D:\Downloads\Game Related\mephbot0.91.zip => tagged:Tool.Win32.PrcView.3621. 25: D:\Downloads\Game Related\pod25install.exe => tagged:Tool.Win32.Reboot. 26: D:\Downloads\Internet Related\mirc614.exe => tagged:Client-IRC.Win32.mIRC.14. 27: D:\Games\CS\SvenCoop\UpdateSC.exe => tagged:Tool.Win32.Reboot. -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Sat Jun 18 12:39:16 2005 => Total Objects Scanned: 154357 Sat Jun 18 12:39:16 2005 => Total Virus(es) Found: 67 Sat Jun 18 12:39:17 2005 => Total Errors: 38 Sat Jun 18 12:39:17 2005 => Virus Database Date: 2005/06/18 Sat Jun 18 12:39:17 2005 => Virus Database Count: 135360 Sat Jun 18 12:39:27 2005 => Total Objects Scanned: 154357 Sat Jun 18 12:39:27 2005 => Total Virus(es) Found: 67 Sat Jun 18 12:39:28 2005 => Total Errors: 38 |
|
|
|
|
|
|
18.06.2005, 15:40
Ehrenmitglied
Beiträge: 29434 |
#41
Hallo@Dsching
Deaktivieren Wiederherstellung <--dann aktiviere sie wieder http://virus-protect.org/Systemwiederherstellung.html «XP Arbeitsplatz-->rechtsklick, dann auf Eigenschaften--->Reiter Systemwiederherstellung--->Häkchen setzen bei Systemwiederherstellung auf allen Laufwerken deaktivieren. Loesche mit der Killbox: c:\windows2\system32\jmjsdwo.exe C:\WINDOWS2\svcproc.exe C:\WINDOWS2\System32\DrPMon.dll C:\WINDOWS2\Nail.exe C:\WINDOWS2\Neuer Ordner\Nail.exe C:\WINDOWS2\niigfxaoyb.exe C:\WINDOWS2\vmrryu.exe C:\Dokumente und Einstellungen\Frederik\Lokale Einstellungen\Temp\msbbhook.dll PC neustarten scanne noch mal mit escan + berichte __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
19.06.2005, 11:59
Member
Beiträge: 11 |
#42
so hier der neue Bericht vom escan
-------------------------------------------------- -------------------- INFECTED -------------------- -------------------------------------------------- 1: Sun Jun 19 10:51:31 2005 => File c:\windows2\system32\hdpknyh.exe infected by "Trojan.Win32.Agent.ay" Virus! Action Taken: No Action Taken. 2: Sun Jun 19 10:51:46 2005 => System found infected with Alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken. 3: Sun Jun 19 11:00:07 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.* 4: Sun Jun 19 11:00:09 2005 => Scanning Folder: C:\Programme\AVWin\INFECTED\*.* 5: Sun Jun 19 11:00:09 2005 => Scanning Folder: C:\Programme\AVWin\MAIL\INFECTED\*.* 6: Sun Jun 19 11:05:51 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP30\A0016094.exe infected by "Trojan-Dropper.Win32.Small.ih" Virus! Action Taken: No Action Taken. 7: Sun Jun 19 11:06:02 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP44\A0017294.exe infected by "Trojan.Win32.Revop.c" Virus! Action Taken: No Action Taken. 8: Sun Jun 19 11:06:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP46\A0018325.exe infected by "Backdoor.Win32.Ruledor.e" Virus! Action Taken: No Action Taken. 9: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036053.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 10: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036054.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 11: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036055.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 12: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036056.exe infected by "Trojan-Downloader.Win32.Keenval" Virus! Action Taken: No Action Taken. 13: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036057.dll infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken. 14: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036061.exe infected by "Trojan-Downloader.Win32.Keenval.e" Virus! Action Taken: No Action Taken. 15: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036066.exe infected by "Backdoor.Win32.Ruledor.e" Virus! Action Taken: No Action Taken. 16: Sun Jun 19 11:06:43 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036074.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus! Action Taken: No Action Taken. 17: Sun Jun 19 11:39:12 2005 => Scanning Folder: D:\Programme\AVPersonal\INFECTED\*.* 18: Sun Jun 19 11:39:12 2005 => Scanning File D:\Programme\AVPersonal\INFECTED\GETACCESS.CLASS-4C88EB1C-21B3F5F8.CLASS.VIR [**] -------------------------------------------------- --------------------- TAGGED --------------------- -------------------------------------------------- 1: Sun Jun 19 10:59:52 2005 => File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken. 2: Sun Jun 19 11:06:03 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP45\A0018317.dll tagged as "not-a-virus:AdWare.Sidesearch.b". Action Taken: No Action Taken. 3: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033890.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 4: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033891.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 5: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0033892.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 6: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034890.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 7: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034891.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 8: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034892.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 9: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034897.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 10: Sun Jun 19 11:06:35 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034898.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 11: Sun Jun 19 11:06:36 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0034899.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 12: Sun Jun 19 11:06:36 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035902.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 13: Sun Jun 19 11:06:36 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035903.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 14: Sun Jun 19 11:06:36 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0035904.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 15: Sun Jun 19 11:06:40 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036028.DLL tagged as "not-a-virus:AdWare.ClearSearch.k". Action Taken: No Action Taken. 16: Sun Jun 19 11:06:41 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036029.EXE tagged as "not-a-virus:AdWare.ClearSearch.n". Action Taken: No Action Taken. 17: Sun Jun 19 11:06:41 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036030.DLL tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 18: Sun Jun 19 11:06:41 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036031.exe tagged as "not-a-virus:AdWare.ClearSearch.j". Action Taken: No Action Taken. 19: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036050.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken. 20: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036051.DLL tagged as "not-a-virus:AdWare.ClearSearch.x". Action Taken: No Action Taken. 21: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036052.exe tagged as "not-a-virus:AdWare.ClearSearch.f". Action Taken: No Action Taken. 22: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036059.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken. 23: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036060.exe tagged as "not-a-virus:AdWare.Sahat.a". Action Taken: No Action Taken. 24: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036062.exe tagged as "not-a-virus:AdWare.BiSpy.f". Action Taken: No Action Taken. 25: Sun Jun 19 11:06:42 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036065.DLL tagged as "not-a-virus:AdWare.ClearSearch.b". Action Taken: No Action Taken. 26: Sun Jun 19 11:06:43 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036075.dll tagged as "not-a-virus:AdWare.BiSpy.m". Action Taken: No Action Taken. 27: Sun Jun 19 11:06:43 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036076.DLL tagged as "not-a-virus:AdWare.ClearSearch.k". Action Taken: No Action Taken. 28: Sun Jun 19 11:06:43 2005 => File C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036077.dll tagged as "not-a-virus:AdWare.Sidesearch.c". Action Taken: No Action Taken. 29: Sun Jun 19 11:15:03 2005 => File D:\Downloads\Benaliases5.5a.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 30: Sun Jun 19 11:15:12 2005 => File D:\Downloads\Game Related\Benaliasesger5.5.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 31: Sun Jun 19 11:15:13 2005 => File D:\Downloads\Game Related\CS maps\EsseXScriptpack2.2.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 32: Sun Jun 19 11:15:32 2005 => File D:\Downloads\Game Related\pod25install.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. 33: Sun Jun 19 11:15:48 2005 => File D:\Downloads\Internet Related\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.14. No Action Taken. 34: Sun Jun 19 11:18:23 2005 => File D:\Games\CS\SvenCoop\UpdateSC.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken. -------------------------------------------------- --------------------- ERRORS --------------------- -------------------------------------------------- 1: Sun Jun 19 10:51:43 2005 => ERROR!!! Invalid Entry C:\WINDOWS2\svcproc.exe in SYSTEM\CurrentControlSet\Services\SvcProc... 2: Sun Jun 19 10:52:05 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS2\Downloaded Program Files\miniclipGameLoader.dll". Action Taken: No Action Taken. 3: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\IDAPINST.DLL". Action Taken: No Action Taken. 4: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_MSS.CNF". Action Taken: No Action Taken. 5: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_SYB.CNF". Action Taken: No Action Taken. 6: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INT.CNF". Action Taken: No Action Taken. 7: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_ORA.CNF". Action Taken: No Action Taken. 8: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_ORA8.CNF". Action Taken: No Action Taken. 9: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INF.CNF". Action Taken: No Action Taken. 10: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_INF9.CNF". Action Taken: No Action Taken. 11: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_DB2.CNF". Action Taken: No Action Taken. 12: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\SQL_SSC.CNF". Action Taken: No Action Taken. 13: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Common Files\Borland Shared\BDE\sql_DBv5.CNF". Action Taken: No Action Taken. 14: Sun Jun 19 10:52:06 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS2\Downloaded Program Files\miniclipGameLoader.dll". Action Taken: No Action Taken. 15: Sun Jun 19 10:52:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSGRGE32.DLL". Action Taken: No Action Taken. 16: Sun Jun 19 10:52:07 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Proof\MSGR_GE.LEX". Action Taken: No Action Taken. 17: Sun Jun 19 10:52:12 2005 => Entry "HKCR\CLSID\{018FDBA7-1999-415F-9BED-DF47E0B818BD}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 18: Sun Jun 19 10:52:12 2005 => Entry "HKCR\CLSID\{02D4863E-154F-40C3-9FF1-31F2F0F62A47}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 19: Sun Jun 19 10:52:19 2005 => Entry "HKCR\CLSID\{5E4F85E7-E6AC-4BC3-8C04-0A62D65C4278}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 20: Sun Jun 19 10:52:22 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\Programme\Messenger\rtcimsp.dll". Action Taken: No Action Taken. 21: Sun Jun 19 10:52:22 2005 => Entry "HKCR\CLSID\{852BAC69-85C1-4E22-A9F5-4A6D9100B6A4}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 22: Sun Jun 19 10:52:22 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken. 23: Sun Jun 19 10:52:25 2005 => Entry "HKCR\CLSID\{b350124f-37ed-4306-adc6-15b89096c14a}" refers to invalid object "d:\games\ea sports\fifa 2003\becontrols_pc_z.dll". Action Taken: No Action Taken. 24: Sun Jun 19 10:52:28 2005 => Entry "HKCR\CLSID\{D2DCCD86-F9B5-49C4-B4E2-481DF99E44AB}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 25: Sun Jun 19 10:52:28 2005 => Entry "HKCR\CLSID\{d8c327ff-e3c4-45f7-8fe5-a78084208dfa}" refers to invalid object "d:\games\ea sports\fifa 2003\becontrols_pc_z.dll". Action Taken: No Action Taken. 26: Sun Jun 19 10:52:29 2005 => Entry "HKCR\CLSID\{E3B1561E-0A04-42a2-86F7-9829CE20E959}" refers to invalid object "d:\games\ea sports\fifa 2003\browserengine2.dll". Action Taken: No Action Taken. 27: Sun Jun 19 10:52:30 2005 => Entry "HKCR\CLSID\{ECFA7321-14D6-4B33-8106-273E71ED05E8}" refers to invalid object "C:\PROGRA~1\ahead\Nero\WAVEED~1\AUDIOC~1.OCX". Action Taken: No Action Taken. 28: Sun Jun 19 10:52:36 2005 => Entry "HKCR\CDDBControlApple.CddbFullName.1" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 29: Sun Jun 19 10:52:36 2005 => Entry "HKCR\CDDBControlApple.FullName" refers to invalid object "{63338267-37c4-44cf-8e46-756fbe9c8fdc}". Action Taken: No Action Taken. 30: Sun Jun 19 10:52:50 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 31: Sun Jun 19 10:52:50 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken. 32: Sun Jun 19 10:52:51 2005 => Entry "HKCR\retro64_loader.R64Loader" refers to invalid object "{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}". Action Taken: No Action Taken. 33: Sun Jun 19 10:52:51 2005 => Entry "HKCR\retro64_loader.R64Loader.1" refers to invalid object "{288C5F13-7E52-4ADA-A32E-F5BF9D125F98}". Action Taken: No Action Taken. 34: Sun Jun 19 10:52:55 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 35: Sun Jun 19 10:52:55 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken. 36: Sun Jun 19 10:52:55 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 37: Sun Jun 19 10:52:55 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken. 38: Sun Jun 19 11:37:10 2005 => Result: ERROR!!! File D:\Games\WarCraft3\Aufkl?rung.doc: Scanning Failure!!! 39: Sun Jun 19 11:37:10 2005 => ERROR!!! ScanFile fails for D:\Games\WarCraft3\Aufkl?rung.doc 40: Sun Jun 19 11:37:34 2005 => Result: ERROR!!! File D:\Games\wc3\Aufkl?rung.doc: Scanning Failure!!! 41: Sun Jun 19 11:37:34 2005 => ERROR!!! ScanFile fails for D:\Games\wc3\Aufkl?rung.doc -------------------------------------------------- -------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT --------- -------------------------------------------------- 1: c:\windows2\system32\hdpknyh.exe => Trojan.Win32.Agent.ay 2: C:\Program Files\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.14. 3: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP30\A0016094.exe => Trojan-Dropper.Win32.Small.ih 4: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP44\A0017294.exe => Trojan.Win32.Revop.c 5: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP46\A0018325.exe => Backdoor.Win32.Ruledor.e 6: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036053.exe => Trojan-Downloader.Win32.Keenval 7: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036054.exe => Trojan-Downloader.Win32.Keenval 8: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036055.exe => Trojan-Downloader.Win32.Keenval 9: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036056.exe => Trojan-Downloader.Win32.Keenval 10: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036057.dll => Trojan-Downloader.Win32.Keenval.e 11: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036061.exe => Trojan-Downloader.Win32.Keenval.e 12: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036066.exe => Backdoor.Win32.Ruledor.e 13: C:\System Volume Information\_restore{165AB92E-3481-476C-ADB7-813D0CCF7EFA}\RP73\A0036074.dll => Trojan-Clicker.Win32.Delf.r 14: D:\Downloads\Benaliases5.5a.exe => tagged:Tool.Win32.Reboot. 15: D:\Downloads\Game Related\Benaliasesger5.5.exe => tagged:Tool.Win32.Reboot. 16: D:\Downloads\Game Related\CS maps\EsseXScriptpack2.2.exe => tagged:Tool.Win32.Reboot. 17: D:\Downloads\Game Related\pod25install.exe => tagged:Tool.Win32.Reboot. 18: D:\Downloads\Internet Related\mirc614.exe => tagged:Client-IRC.Win32.mIRC.14. 19: D:\Games\CS\SvenCoop\UpdateSC.exe => tagged:Tool.Win32.Reboot. -------------------------------------------------- -------------------- Statistik ------------------- -------------------------------------------------- Sun Jun 19 11:39:30 2005 => Total Objects Scanned: 154351 Sun Jun 19 11:39:30 2005 => Total Virus(es) Found: 49 Sun Jun 19 11:39:30 2005 => Total Errors: 39 Sun Jun 19 11:39:30 2005 => Virus Database Date: 2005/06/18 Sun Jun 19 11:39:30 2005 => Virus Database Count: 135360 Sun Jun 19 11:53:54 2005 => Total Objects Scanned: 154351 Sun Jun 19 11:53:54 2005 => Total Virus(es) Found: 49 Sun Jun 19 11:53:54 2005 => Total Errors: 39 |
|
|
|
|
|
|
19.06.2005, 17:19
Ehrenmitglied
Beiträge: 29434 |
#43
Hallo@Dsching
nun, du solltest die Systemwiederherstellung deaktivieren ...... Zitat Deaktivieren Wiederherstellung <--dann aktiviere sie wiederstarte nun escan neu und dann schau, ob das geloescht ist: C:\WINDOWS2\Downloaded Program Files\miniclipGameLoader.dll c:\windows2\system32\hdpknyh.exe •Download Registry Search Tool : http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip Doppelklick:regsrch.vbs reinkopieren: svcproc Press 'OK' warten, bis die Suche beendet ist. (Ergebnis bitte posten) __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
20.06.2005, 21:58
...neu hier
Beiträge: 8 |
#44
hey@ Sabine (und alle anderen), dass hier habe ich wie bei dem ersten Link deiner Berschreibung auf Seite 2 kopiert:
Microsoft Windows XP [Version 5.1.2600] PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dont delete file's in the section without guidance If any doubt back them up first »»»»» lagitamate file's can/will show in this section. »»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»» Checking Windir\svcproc.exe and nail.exe. Nail.exe »»»»» Checking for System32\DrPMon.dll. »»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder. Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 7038-829C Verzeichnis von C:\WINDOWS\SYSTEM32 20.06.2005 21:46 <DIR> cache32_rtneg4 0 Datei(en) 0 Bytes 1 Verzeichnis(se), 109.241.012.224 Bytes frei »»»»» Checking for SAHAgent ico files. Volume in Laufwerk C: hat keine Bezeichnung. Volumeseriennummer: 7038-829C Verzeichnis von C:\WINDOWS\system32 20.06.2005 21:46 3.262 bose.ico 12.06.2005 20:03 3.262 creditcard32123123123asdsa1.ico 20.06.2005 21:46 3.262 dice23.ico 09.06.2005 22:01 3.262 kill all spyware4512.ico 08.06.2005 22:15 3.262 pinkkas.ico 12.06.2005 20:03 3.262 ps3-2a.ico 20.06.2005 21:46 3.262 ps31.ico 20.06.2005 21:45 2.238 red_kas21.ico 20.06.2005 21:46 2.238 red_kas221.ico 20.06.2005 21:46 3.262 vhe233a1.ico 08.06.2005 22:15 3.262 xboxa.ico 11 Datei(en) 33.834 Bytes 0 Verzeichnis(se), 109.241.012.224 Bytes frei »»»»»»»»»»»»»»»»»»»»»»»». ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\aurora ! REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\trfdsk.amo <NO NAME> REG_SZ amo Class ! REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\trfdsk.iiittt <NO NAME> REG_SZ iiittt Class ! REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\trfdsk.momo <NO NAME> REG_SZ momo Class ! REG.EXE VERSION 3.0 HKEY_CLASSES_ROOT\trfdsk.ohb <NO NAME> REG_SZ ohb Class So jetzt geh ich erst mal in den abgesicherten Modus |
|
|
|
|
|
|
20.06.2005, 23:52
Ehrenmitglied
Beiträge: 29434 |
#45
Hallo@Tarantine
Gehe in die registry Start-->Ausfuehren--> regedit loeschen: HKEY_CURRENT_USER\Software\aurora HKEY_CLASSES_ROOT\trfdsk.amo HKEY_CLASSES_ROOT\trfdsk.iiittt HKEY_CLASSES_ROOT\trfdsk.momo HKEY_CLASSES_ROOT\trfdsk.ohb loesche mit der Killbox: C:\WINDOWS\Nail.exe C:\WINDOWS\system32\bose.ico C:\WINDOWS\system32\creditcard32123123123asdsa1.ico C:\WINDOWS\system32\dice23.ico C:\WINDOWS\system32\kill all spyware4512.ico C:\WINDOWS\system32\pinkkas.ico C:\WINDOWS\system32\ps3-2a.ico C:\WINDOWS\system32\ps31.ico C:\WINDOWS\system32\red_kas21.ico C:\WINDOWS\system32\red_kas221.ico C:\WINDOWS\system32\vhe233a1.ico C:\WINDOWS\system32\xboxa.ico __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
loesche mit der Killbox:
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\GatorPdpSetup.log
C:\WINDOWS\GatorUninstaller_cme_u.log
C:\WINDOWS\smdat32m.sys
dann arbeite das bitte ab und poste alles
http://virus-protect.org/escan.html
__________
MfG Sabina
rund um die PC-Sicherheit