PC is infected "your computer might be at risk" Please help solve the problem! |
||
---|---|---|
#0
| ||
11.08.2005, 17:06
Member
Posts: 39 |
||
|
||
11.08.2005, 18:13
...new here
Posts: 8 |
#2
Man, that looks really bad, but you are in good hands here!
|
|
|
||
12.08.2005, 22:32
Member
Posts: 1132 |
#3
Hi soho101,

let's get to it. Let's see how far we get!

Your system is not up to date. Update it urgently at www.windowsupdate.com. Above all, install SP2. You can get the CD free of charge from MS or as a supplement to some computer magazines.

Disable System Restore (My Computer => right-click => Properties) => tick "Turn off System Restore on all drives" => OK. After the system has been cleaned, don't forget to enable it again!

Empty the quarantine of your AVPersonal.

Download Killbox
http://www.bleepingcomputer.com/files/killbox.php

Download CCleaner
http://www.ccleaner.com/ccdownload.asp
Use the default settings as they are => Analyze => Run CCleaner. It deletes browsing traces, temp files etc.

Boot into Safe Mode (press F8 while the computer starts up).

Open HijackThis and fix (tick the boxes and press "Fix checked"):

O2 - BHO: (no name) - {BD96164D-0ACB-4DEC-A8EB-A9597B702639} - C:\WINDOWS\System32\msacm32d.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

Restart the computer.

Open Killbox => Delete on Reboot => and copy the following files into it one after another with their full path, press the red cross, and when asked whether the computer should be restarted, answer "yes" only after the last file:

C:\WINDOWS\System32\gpreetup.dll
C:\WINDOWS\Downloaded Program Files\axload.dll

Have the following files checked here, Jotti's Malware Scan http://virusscan.jotti.org/ or here, virustotal http://www.virustotal.com/flash/index_en.html:

C:\WINDOWS\System32\msacm32d.dll
C:\WINDOWS\System32\ftutil2.dll
C:\WINDOWS\System32\pxwma.dll

Download Silent Runners
http://www.silentrunners.org/sr_download.html
Download the zip file. You can find the instructions here: http://www.silentrunners.org/sr_scriptuse.html
Unpack the program into a folder (e.g. "My Documents"). Double-click the "Silent Runners" icon in that folder. The system is scanned and at the end a message box appears saying that the process has finished, together with the name of the log file. If your antivirus program complains, allow Silent Runners.vbs. A log file "Silent Runners [Computer Name]Date.txt" is created in the same directory. Double-click it and the log opens in the text editor. Post the entire contents of the log.

Regards
Heron
__________
"The world is big because the head is so small" Wilhelm Busch |
|
|
||
13.08.2005, 00:08
Honorary member
Posts: 29434 |
#4
Hello @soho101

Jotti's Malware Scan is not necessary here
---------------------------------------------------------------------------------
As @Heron already wrote:
Disable System Restore --> then enable it again
«XP
My Computer --> right-click, then Properties ---> System Restore tab ---> tick "Turn off System Restore on all drives".

As @Heron already wrote:
#Open HijackThis -->> "scan" button -->> tick the boxes -->> "Fix checked" button -->> restart the PC

O2 - BHO: (no name) - {BD96164D-0ACB-4DEC-A8EB-A9597B702639} - C:\WINDOWS\System32\msacm32d.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

Restart the PC

•KillBox
http://bilder.informationsarchiv.net/Nikitas_Tools/KillBox.zip
Instructions (illustrated): http://virus-protect.org/killbox.html

•Delete File on Reboot <-- tick this and click the red cross; when asked "Do you want to reboot?" ----> click "no" and copy the next one in; only click "yes" on the last one

C:\Programme\AVPersonal\INFECTED\winupdate43313275[1].VIR
C:\Programme\AVPersonal\INFECTED\winupdate43313275[1].VIR
C:\WINDOWS\System32\gpreetup.dll
C:\WINDOWS\System32\msacm32d.dll
C:\WINDOWS\System32\ftutil2.dll
C:\WINDOWS\System32\pxwma.dll
C:\WINDOWS\Downloaded Program Files\axload.dll

Restart the PC

CCleaner --> delete all *temp files
http://virus-protect.org/temp.html

Run an online scan with Panda --> POST the log from the scan
http://virus-protect.org/onlinescan.html
__________
Regards
Sabina
all about PC security |
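The two replies above both single out the same O2 (Browser Helper Object) and O4 (Run key) entries in the HijackThis log. As an added example that is not part of the thread and not HijackThis code, this Python sketch parses those entry types and marks them for manual review; the two heuristics and all function names are illustrative assumptions, not the criteria the helpers or the tool use.

```python
import re
from dataclasses import dataclass, field

# Entries copied from the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {BD96164D-0ACB-4DEC-A8EB-A9597B702639} - C:\WINDOWS\System32\msacm32d.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R0 - HKCU\..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2: "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4: "<hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Command line that starts rundll32 and names a DLL before the first comma.
RUNDLL_RE = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),', re.IGNORECASE)


@dataclass
class Entry:
    code: str                                      # section code such as "O2"
    body: str                                      # text after "<code> - "
    parts: dict = field(default_factory=dict)      # parsed sub-fields, if any
    findings: list = field(default_factory=list)   # reasons to review


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, blank line or "Running processes" path
    entry = Entry(m["code"], m["body"])
    sub = None
    if entry.code == "O2":
        sub = BHO_RE.match(entry.body)
    elif entry.code == "O4":
        sub = RUN_RE.match(entry.body)
    if sub:
        entry.parts = sub.groupdict()
    return entry


def triage(entry):
    """Attach review hints. Assumed heuristics: they prompt a manual check
    (vendor, file location, scanner result) and prove nothing by themselves."""
    p = entry.parts
    if entry.code == "O2" and p.get("name") == "(no name)":
        entry.findings.append("BHO registered without a display name")
    if entry.code == "O4" and p:
        m = RUNDLL_RE.match(p["command"])
        if m and "\\" not in m["dll"]:
            entry.findings.append(
                "Run key loads a DLL via rundll32 without a full path")
    return entry


def review(log_text):
    """Parse every item line in a log and triage it."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(log_text):
    """Only the entries that received at least one finding."""
    return [e for e in review(log_text) if e.findings]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code}: {e.body}")
        for finding in e.findings:
            print(f"    -> {finding}")
```

Entries such as `[SoundMan] SOUNDMAN.EXE` also lack a path but are left unflagged here, which is why the files still go to a scanner before anything is deleted.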
|
|
||
13.08.2005, 15:22
Member
Thread starter Posts: 39 |
#5
Hello Heron and Sabina,

THANK YOU SO MUCH FOR YOUR QUICK HELP!!! I did everything exactly as you described!

@Heron: Here is the log file from "Silent Runners":

@Sabina: Here is the log file from the scan with Panda:

Incident    Status    Location
Possible Virus.    No disinfected    C:\Programme\Mobile Phone Manager\ESI_SETUP\data1.cab[xtndpc.exe]
Possible Virus.    No disinfected    C:\Programme\Mobile Phone Manager\SmartSync\xtndpc.exe
Adware:Adware/MediaTickets    No disinfected    C:\WINDOWS\Downloaded Program Files\eied.inf
Virus:Trj/Downloader.DQU    Disinfected    C:\WINDOWS\system32\dflnl.exe
Virus:Trj/Qhost.BP    Disinfected    C:\WINDOWS\system32\HCLEAN32.EXE.VIR
Virus:Trj/Downloader.DQU    Disinfected    C:\WINDOWS\system32\hgqhp.exe
Adware:Adware/QuickWeb    No disinfected    C:\WINDOWS\system32\ntfsnlpa.exe
Virus:Trj/Downloader.DQU    Disinfected    C:\WINDOWS\system32\yaemu.exe
Virus:Trj/Downloader.DYX    Disinfected    D:\Programme\Virenbekämpfung\backups\backup-20050813-142651-292.dll

Regards,
soho101 |
|
|
||
13.08.2005, 17:39
Honorary member
Posts: 29434 |
#6
Hello @soho101

Killbox; http://virus-protect.org/killbox.html
Delete File on Reboot (tick it)
Copy these in from here:

C:\WINDOWS\system32\yaemu.exe
C:\WINDOWS\Downloaded Program Files\eied.inf
C:\WINDOWS\system32\hgqhp.exe
C:\WINDOWS\system32\ntfsnlpa.exe

and click the red cross; when asked "Do you want to reboot?" ---- click "no" and copy the next one in; only click "yes" on the last one

Restart the PC

Quote
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as fix.reg using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.*

WinPFind
Download --> post the text
http://www.bleepingcomputer.com/files/winpfind.php
Instructions: http://virus-protect.org/winpfind.html

Download Find T.zip to root (C:\ )
http://bilder.informationsarchiv.net/Nikitas_Tools/FindT.zip
Unpack into C:\ -- open the "Find T" folder -- click the batch file (runthis.bat) -- post the txt (text file) in the thread
Extract the files inside also to root, open the "Find T" folder and run the batch file
__________
Regards
Sabina
all about PC security |
|
|
||
13.08.2005, 18:42
Member
Thread starter Posts: 39 |
#7
Hello Sabina,

here is the text from WinPFind:

here is the text from Find T:

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

C:\WINDOWS\BALLOON.WAV

Regards
soho101 |
|
|
||
13.08.2005, 18:49
Honorary member
Posts: 29434 |
#8
Delete:
C:\WINDOWS\BALLOON.WAV
then post the new HijackThis log
__________
Regards, Sabina
All about PC security |
|
|
||
13.08.2005, 23:31
Member
Thread starter Posts: 39 |
#9
Hello Sabina,
Balloon.wav is deleted, here is the new log:
Logfile of HijackThis v1.99.1
Scan saved at 23:29:27, on 13.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\Programme\Virenbekämpfung\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fiestaloca.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [dmapr.exe] C:\WINDOWS\System32\dmapr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E39E706E-C416-4F18-A535-B2855C6AAA11}: NameServer = 69.50.176.198 85.255.112.12
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Regards, soho101 |
|
|
||
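A before/after comparison of the two HijackThis logs posted in this thread (12.08.2005 and 13.08.2005), as an added example that is not part of the original posts: it lists the entries that disappeared after the fix and the entries that are new and have not been looked at yet. The log excerpts are copied from the thread and trimmed to a few entries; the function names and section labels are this example's own.

```python
import re

# Section codes that start a HijackThis entry, e.g. "R0", "O4", "O23".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
# An entry runs from its code up to the next code or the end of the text, so
# the same pattern reads a log with one entry per line and a log that a forum
# has flattened into a few long lines.
ENTRY = re.compile(rf"(?:^|\s)({CODE} - .*?)(?=\s+{CODE} - |\s*\Z)", re.S)

# What each section lists (the labels are this example's own wording).
SECTIONS = {
    "R0": "IE start page", "O2": "Browser Helper Object",
    "O4": "autostart entry", "O16": "downloaded ActiveX control",
    "O17": "TCP/IP name-server setting", "O23": "service",
}

# Excerpt of the log dated 12.08.2005 (one entry per line, trimmed).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fiestaloca.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BD96164D-0ACB-4DEC-A8EB-A9597B702639} - C:\WINDOWS\System32\msacm32d.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Excerpt of the log dated 13.08.2005, with several entries per line the way
# a flattened forum post delivers it (trimmed).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fiestaloca.de/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [dmapr.exe] C:\WINDOWS\System32\dmapr.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E39E706E-C416-4F18-A535-B2855C6AAA11}: NameServer = 69.50.176.198 85.255.112.12 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def parse_entries(log_text):
    """Return (section, entry) pairs with runs of whitespace collapsed."""
    entries = []
    for match in ENTRY.finditer(log_text):
        entry = " ".join(match.group(1).split())
        section = entry.split(" - ", 1)[0]
        entries.append((section, entry))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entries; the comparison ignores letter case,
    because Windows paths and registry names are case-insensitive."""
    old, new = parse_entries(before), parse_entries(after)
    old_keys = {entry.casefold() for _, entry in old}
    new_keys = {entry.casefold() for _, entry in new}
    removed = [pair for pair in old if pair[1].casefold() not in new_keys]
    added = [pair for pair in new if pair[1].casefold() not in old_keys]
    return removed, added


def report(before, after):
    """Format the differences as a short text report."""
    removed, added = diff_logs(before, after)
    lines = []
    for title, group in (("Gone after the fix", removed),
                         ("New since the last log, not yet reviewed", added)):
        lines.append(f"{title}:")
        for section, entry in group:
            lines.append(f"  [{SECTIONS.get(section, 'other')}] {entry}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(BEFORE, AFTER))
```

The parser assumes the text ends with the last log entry, so a signature line that follows the log has to be cut off before the text is passed in.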
14.08.2005, 00:36
Honorary member
Posts: 29434 |
#10
Hello @soho101
You did that well. All the best for you and your PC.
Tip: please run the Windows updates and download SP2, plus an alternative browser to IE:
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation + configuration of Firefox
__________
Regards, Sabina
All about PC security |
|
|
||
14.08.2005, 00:45
Member
Thread starter Posts: 39 |
#11
Hello Sabina,
I have to thank you and Heron, you guided me SUPERBLY through the troubleshooting!!! Many THANKS for that! The Windows updates are already loaded and SP2 will also finish downloading in a few minutes... :-) In addition, I will try out the other browsers...
I have one more question: which of all the files that I downloaded in the course of the troubleshooting do I still need?
- I still have a folder "bases_x" on C:\
- also on C:\ a folder "Download" with many files in it, which among other things start with "troj..." and "virus...".
- do I still need the program eScan?
- do I still need the file fix.reg on my desktop?
I am leaving all the other programs on for now; they are only in .zip form anyway and maybe I will need them again (which I of course hope I won't!!)
Many thanks again!
Regards, soho101
This post was edited by soho101 on 14.08.2005 at 00:51.
|
|
|
||
14.08.2005, 03:22
Member
Posts: 4730 |
#12
No, you don't necessarily need them, but they take up little space and who knows, maybe these programs will come in handy at some point? Just leave them on.
__________
This is a signature! Personal service: Are you from Berlin? Then send me a PM, we may be able to arrange an appointment. Der Grabsteinschubser |
|
|
||
14.08.2005, 09:15
Member
Posts: 1132 |
#13
bases_x and Download belong to eScan. They contain the virus databases.
If you want to keep using eScan, keep these folders!
Regards, Heron
__________
"The world is large because the head is so small" Wilhelm Busch |
|
|
||
Apparently nobody could help me with my posting of the eScan log...
I would be glad if someone could tell me what I have to "fix" here; the HijackThis log is included!
I have already posted this log file at http://www.hijackthis.de as well, but everything there was rated good or unknown...
However, the problem with the AntiVir warnings still occurs, and the Windows message still appears too...
If it helps, I will post the eScan log again as well.
My AntiVir program reports the virus qhost.qr when I open the browser, and then the browser crashes and has to be closed.
I have already scanned my PC with eScan and received the following log file: see below.
It would be really great if someone could help me with this, because I don't know what else to do...
Many thanks in advance!!!
Logfile of HijackThis v1.99.1
Scan saved at 12:50:23, on 12.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\AVPersonal\GUARDGUI.EXE
D:\Programme\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fiestaloca.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {BD96164D-0ACB-4DEC-A8EB-A9597B702639} - C:\WINDOWS\System32\msacm32d.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] C:\Programme\Mobile Phone Manager\SmartSync\ScheduleSync.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of eScan:
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------
1: Thu Aug 11 14:59:32 2005 => File C:\WINDOWS\System32\gpreetup.dll infected by "Virus.Win32.Bayan-based" Virus! Action Taken: No Action Taken.
2: Thu Aug 11 15:03:48 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
3: Thu Aug 11 15:03:48 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\winupdate43313275[1].VIR
4: Thu Aug 11 15:03:48 2005 => File C:\Programme\AVPersonal\INFECTED\winupdate43313275[1].VIR infected by "Trojan-Dropper.Win32.Small.ue" Virus! Action Taken: No Action Taken.
5: Thu Aug 11 15:12:56 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035338.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
6: Thu Aug 11 15:12:56 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035363.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
7: Thu Aug 11 15:12:57 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035391.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
8: Thu Aug 11 15:12:58 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035416.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
9: Thu Aug 11 15:12:58 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035428.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
10: Thu Aug 11 15:12:59 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035455.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
11: Thu Aug 11 15:12:59 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035473.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
12: Thu Aug 11 15:13:00 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035486.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
13: Thu Aug 11 15:13:00 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035490.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
14: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035536.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
15: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035540.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
16: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035555.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
17: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035559.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
18: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035573.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
19: Thu Aug 11 15:13:03 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035577.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
20: Thu Aug 11 15:13:04 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035586.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
21: Thu Aug 11 15:13:04 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035590.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
22: Thu Aug 11 15:13:14 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035867.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
23: Thu Aug 11 15:13:14 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035871.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
24: Thu Aug 11 15:13:15 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035885.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
25: Thu Aug 11 15:13:15 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035889.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
26: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036885.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
27: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036889.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
28: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036900.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
29: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036904.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
30: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036913.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
31: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036917.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
32: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036928.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
33: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036932.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
34: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036946.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
35: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036950.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
36: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037946.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
37: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037950.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
38: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037959.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
39: Thu Aug 11 15:13:18 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037963.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
40: Thu Aug 11 15:13:20 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038049.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
41: Thu Aug 11 15:13:20 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038053.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
42: Thu Aug 11 15:13:20 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038067.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
43: Thu Aug 11 15:13:20 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038071.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
44: Thu Aug 11 15:13:21 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038108.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
45: Thu Aug 11 15:13:22 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038112.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
46: Thu Aug 11 15:13:22 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038121.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
47: Thu Aug 11 15:17:11 2005 => File C:\WINDOWS\system32\gpreetup.dll infected by "Virus.Win32.Bayan-based" Virus! Action Taken: No Action Taken.
--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------
1: Thu Aug 11 15:13:15 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035878.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
2: Thu Aug 11 15:13:15 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035918.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
3: Thu Aug 11 15:13:16 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036924.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
4: Thu Aug 11 15:13:17 2005 => File C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036941.exe tagged as "not-a-virus:AdWare.Msnagent.b". Action Taken: No Action Taken.
--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------
1: Thu Aug 11 14:57:50 2005 => ERROR!!! Invalid Entry mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Thu Aug 11 14:57:56 2005 => ERROR!!! Invalid Entry \??\E:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
3: Thu Aug 11 14:57:56 2005 => ERROR!!! Invalid Entry System32\DRIVERS\IPFilter.sys in SYSTEM\CurrentControlSet\Services\IPFilter...
4: Thu Aug 11 14:57:57 2005 => ERROR!!! Invalid Entry \??\E:\NTACCESS.sys in SYSTEM\CurrentControlSet\Services\NTACCESS...
5: Thu Aug 11 14:57:58 2005 => ERROR!!! Invalid Entry \??\E:\NTGLM7X.sys in SYSTEM\CurrentControlSet\Services\SetupNTGLM7X...
6: Thu Aug 11 14:58:13 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\axload.dll". Action Taken: No Action Taken.
7: Thu Aug 11 14:58:15 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.
8: Thu Aug 11 14:58:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\SCM\ICONFIG.EXE". Action Taken: No Action Taken.
9: Thu Aug 11 14:58:16 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Gemeinsame Dateien\SCM\ICONFIG.DLL". Action Taken: No Action Taken.
10: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ahead\NeroDigital\settings.xml". Action Taken: No Action Taken.
11: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero PhotoSnap\NeroPhotoSnap_fra.chm". Action Taken: No Action Taken.
12: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero PhotoSnap\PhotoSnap-Jpn.nls". Action Taken: No Action Taken.
13: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero PhotoSnap\PhotoSnapViewer-Jpn.nls". Action Taken: No Action Taken.
14: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero MediaHome\NeroMediaHome_Fra.chm". Action Taken: No Action Taken.
15: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero MediaHome\NeroMediaHome_Jpn.chm". Action Taken: No Action Taken.
16: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken.
17: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.
18: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\NeroRecode_fra.chm". Action Taken: No Action Taken.
19: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero Recode\Recode-Jpn.nls". Action Taken: No Action Taken.
20: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\NeroShowTime_Fra.chm". Action Taken: No Action Taken.
21: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\ShowTime-Jpn.nls". Action Taken: No Action Taken.
22: Thu Aug 11 14:58:18 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero ShowTime\Skins\standard.bmp". Action Taken: No Action Taken.
23: Thu Aug 11 14:58:20 2005 => Entry "HKCR\CLSID\{0C5D39B0-460B-11D4-ADE1-0050DACD3DB9}" refers to invalid object "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\MMRadioEngine.dll". Action Taken: No Action Taken.
24: Thu Aug 11 14:58:21 2005 => Entry "HKCR\CLSID\{1745EDC4-CDCE-4e20-B91E-312F0C2AD16B}" refers to invalid object "C:\Programme\MSN\MSNCoreFiles\msnmetal.dll". Action Taken: No Action Taken.
25: Thu Aug 11 14:58:21 2005 => Entry "HKCR\CLSID\{1EF2E5CB-646F-4F85-A355-8E328652CA60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
26: Thu Aug 11 14:58:21 2005 => Entry "HKCR\CLSID\{23AA6EBC-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
27: Thu Aug 11 14:58:21 2005 => Entry "HKCR\CLSID\{23AA6EBD-86AA-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
28: Thu Aug 11 14:58:22 2005 => Entry "HKCR\CLSID\{27855D52-0913-4F88-A8CC-343D374E7CC9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
29: Thu Aug 11 14:58:22 2005 => Entry "HKCR\CLSID\{2B7E6AA9-C4FA-4951-815B-4AFE39D81453}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
30: Thu Aug 11 14:58:23 2005 => Entry "HKCR\CLSID\{399CB6C4-7312-11D2-B4D9-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\HHACTI~1.DLL". Action Taken: No Action Taken.
31: Thu Aug 11 14:58:26 2005 => Entry "HKCR\CLSID\{5E05D214-DD15-47cd-B5BC-65FAC825D3D0}" refers to invalid object "C:\Programme\MSN\MSNCoreFiles\msnmetal.dll". Action Taken: No Action Taken.
32: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5DC-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
33: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5DD-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
34: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5E0-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
35: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5E1-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
36: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5E4-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
37: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{6B58B5E5-7405-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
38: Thu Aug 11 14:58:27 2005 => Entry "HKCR\CLSID\{724bb6a4-e526-450f-affa-ab9b45129111}" refers to invalid object "C:\WINDOWS\System32\wmv9dmod.dll". Action Taken: No Action Taken.
39: Thu Aug 11 14:58:29 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
40: Thu Aug 11 14:58:29 2005 => Entry "HKCR\CLSID\{84268CDA-5AE9-409C-94E9-B6FEB4B5A123}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
41: Thu Aug 11 14:58:30 2005 => Entry "HKCR\CLSID\{959F94FD-DD1E-11D2-B559-00105A0422DF}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\HHACTI~1.DLL". Action Taken: No Action Taken.
42: Thu Aug 11 14:58:30 2005 => Entry "HKCR\CLSID\{9EFBF860-5685-11D3-AA3D-00C04F4C5275}" refers to invalid object "cdooff.dll". Action Taken: No Action Taken.
43: Thu Aug 11 14:58:31 2005 => Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
44: Thu Aug 11 14:58:31 2005 => Entry "HKCR\CLSID\{ADC4FE5F-9ACA-4551-8AD1-7B1DEF9D6BE8}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
45: Thu Aug 11 14:58:32 2005 => Entry "HKCR\CLSID\{B617F87F-1856-43BC-ADEB-C43922F7A575}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
46: Thu Aug 11 14:58:32 2005 => Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
47: Thu Aug 11 14:58:33 2005 => Entry "HKCR\CLSID\{C3DB19A6-D5A2-11D2-8F58-00E02916007D}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\mmjbctrl.ocx". Action Taken: No Action Taken.
48: Thu Aug 11 14:58:35 2005 => Entry "HKCR\CLSID\{CE0E7204-D82C-4273-8A70-919963F4CFE0}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
49: Thu Aug 11 14:58:35 2005 => Entry "HKCR\CLSID\{D326DC3B-8ADF-456A-B1B7-8A9E37704C60}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
50: Thu Aug 11 14:58:35 2005 => Entry "HKCR\CLSID\{D98E820F-6ACD-4dc0-921E-9841E3D8B4A7}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
51: Thu Aug 11 14:58:37 2005 => Entry "HKCR\CLSID\{EFAC012B-2A65-4D0B-9237-ADBADD94DFE9}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
52: Thu Aug 11 14:58:37 2005 => Entry "HKCR\CLSID\{F0FDBF9F-63BF-4BFB-A3DB-E7B7FCF3F7DE}" refers to invalid object "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\directorps.dll". Action Taken: No Action Taken.
53: Thu Aug 11 14:58:37 2005 => Entry "HKCR\CLSID\{F1DD8F2C-1A49-40F0-9649-ACB3AB7AF86A}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
54: Thu Aug 11 14:58:37 2005 => Entry "HKCR\CLSID\{F3A614DC-ABE0-11d2-A441-00C04F795683}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
55: Thu Aug 11 14:58:38 2005 => Entry "HKCR\CLSID\{F4C6D6E0-A8FB-4281-BE24-1662D646FE2B}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
56: Thu Aug 11 14:58:38 2005 => Entry "HKCR\CLSID\{FB215E25-F536-4B36-8262-ECF59601FAC1}" refers to invalid object "C:\PROGRA~1\MUSICM~1\MUSICM~2\MMFWCtrl.ocx". Action Taken: No Action Taken.
57: Thu Aug 11 14:58:38 2005 => Entry "HKCR\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
58: Thu Aug 11 14:58:38 2005 => Entry "HKCR\CLSID\{FBE840E5-13A5-4cff-B2A9-4D1E64A17FF2}" refers to invalid object "E:\player\WMMP.EXE". Action Taken: No Action Taken.
59: Thu Aug 11 14:58:51 2005 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
60: Thu Aug 11 14:58:51 2005 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
61: Thu Aug 11 14:58:51 2005 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
62: Thu Aug 11 14:58:57 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
63: Thu Aug 11 14:58:57 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
64: Thu Aug 11 14:59:02 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
65: Thu Aug 11 14:59:02 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
66: Thu Aug 11 15:01:50 2005 => Scanning File C:\Dokumente und Einstellungen\Jens\Favoriten\Meine Homepages\error!.url [**]
67: Thu Aug 11 15:01:53 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\Jens\Lokale Einstellungen\Anwendungsdaten\Shareaza\Incomplete\N2FUKAK6MJT4IJDNVKHGGMVK5ZY6BZPG Winzip 9.0 Full Version - Cracked +Crack _ Seri*hier nicht!*.zip is Not Scanned
--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------
1: C:\WINDOWS\System32\gpreetup.dll => Virus.Win32.Bayan-based
2: C:\Programme\AVPersonal\INFECTED\winupdate43313275[1].VIR => Trojan-Dropper.Win32.Small.ue
3: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035338.exe => Trojan-Dropper.Win32.Vidro.u
4: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035363.exe => Trojan-Dropper.Win32.Vidro.u
5: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035391.exe => Trojan-Dropper.Win32.Vidro.u
6: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035416.exe => Trojan-Dropper.Win32.Vidro.u
7: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035428.exe => Trojan-Dropper.Win32.Vidro.u
8: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035455.exe => Trojan-Dropper.Win32.Vidro.u
9: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035473.exe => Trojan-Dropper.Win32.Vidro.u
10: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035486.exe => Trojan-Dropper.Win32.Vidro.u
11: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP93\A0035490.exe => Trojan-Dropper.Win32.Vidro.u
12: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035536.exe => Trojan-Dropper.Win32.Vidro.u
13: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035540.exe => Trojan-Dropper.Win32.Vidro.u
14: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035555.exe => Trojan-Dropper.Win32.Vidro.u
15: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035559.exe => Trojan-Dropper.Win32.Vidro.u
16: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035573.exe => Trojan-Dropper.Win32.Vidro.u
17: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035577.exe => Trojan-Dropper.Win32.Vidro.u
18: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035586.exe => Trojan-Dropper.Win32.Vidro.u
19: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035590.exe => Trojan-Dropper.Win32.Vidro.u
20: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035867.exe => Trojan-Dropper.Win32.Vidro.u
21: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035871.exe => Trojan-Dropper.Win32.Vidro.u
22: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035885.exe => Trojan-Dropper.Win32.Vidro.u
23: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0035889.exe => Trojan-Dropper.Win32.Vidro.u
24: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036885.exe => Trojan-Dropper.Win32.Vidro.u
25: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036889.exe => Trojan-Dropper.Win32.Vidro.u
26: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036900.exe => Trojan-Dropper.Win32.Vidro.u
27: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036904.exe => Trojan-Dropper.Win32.Vidro.u
28: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036913.exe => Trojan-Dropper.Win32.Vidro.u
29: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036917.exe => Trojan-Dropper.Win32.Vidro.u
30: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036928.exe => Trojan-Dropper.Win32.Vidro.u
31: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036932.exe => Trojan-Dropper.Win32.Vidro.u
32: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036946.exe => Trojan-Dropper.Win32.Vidro.u
33: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0036950.exe => Trojan-Dropper.Win32.Vidro.u
34: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037946.exe => Trojan-Dropper.Win32.Vidro.u
35: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037950.exe => Trojan-Dropper.Win32.Vidro.u
36: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037959.exe => Trojan-Dropper.Win32.Vidro.u
37: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP94\A0037963.exe => Trojan-Dropper.Win32.Vidro.u
38: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038049.exe => Trojan-Dropper.Win32.Vidro.u
39: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038053.exe => Trojan-Dropper.Win32.Vidro.u
40: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038067.exe => Trojan-Dropper.Win32.Vidro.u
41: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038071.exe => Trojan-Dropper.Win32.Vidro.u
42: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038108.exe => Trojan-Dropper.Win32.Vidro.u
43: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038112.exe => Trojan-Dropper.Win32.Vidro.u
44: C:\System Volume Information\_restore{A603A1F8-CFD6-4F33-8D89-882C00530F2E}\RP95\A0038121.exe => Trojan-Dropper.Win32.Vidro.u
45: C:\WINDOWS\system32\gpreetup.dll => Virus.Win32.Bayan-based
--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------
Thu Aug 11 15:20:40 2005 => Total Objects Scanned: 65425
Thu Aug 11 15:20:40 2005 => Total Virus(es) Found: 50
Thu Aug 11 15:20:40 2005 => Total Errors: 66
Thu Aug 11 15:20:40 2005 => Virus Database Date: 2005/08/11
Thu Aug 11 15:20:40 2005 => Virus Database Count: 143089
Thu Aug 11 16:32:35 2005 => Total Objects Scanned: 65425
Thu Aug 11 16:32:35 2005 => Total Virus(es) Found: 50
Thu Aug 11 16:32:35 2005 => Total Errors: 66