firefox + hclean32.exe + rsdin.exe

#1 hi leute!

ich bin zum 1. mal hier und melde mich gleich einmal mit einem problem, ich denke ihr könnt mir da weiterhelfen:
jedes mal wenn ich den firefox starte, meldet sich mein antivir mit den beiden viren und ab und zu kommt so ein ballon und meldet, your pc might be infected with spyware, bla bla

wie bekomm ich das weg?

#2 Fang bitte an, ein Escanlog zu posten
http://virus-protect.org/escan.html
und ein Hijackthis log http://www.cidres-security.de/hijackthis.html

Das sollte ersteinmal helfen......
__________
MfG Ralf
SEO-Spam Hunter

#3 also hier ist einmal der HJT log

Logfile of HijackThis v1.99.1
Scan saved at 11:55:08, on 02.10.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\Mixer.exe
C:\programme\powerstrip\pstrip.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Changer XP\ChangerXP.exe
C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~2\ICQ\ICQ.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe
D:\Programme + Treiber\Anti Viren Programme\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerStrip] c:\programme\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\PROGRA~2\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O4 - Global Startup: Alcatel Speedtouch Connection.lnk = C:\Programme\Alcatel\SpeedTouch USB\stdialup.exe
O4 - Global Startup: Changer XP.lnk = C:\Programme\Changer XP\ChangerXP.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~2\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~2\ICQ\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB85A7E-9AE7-4762-BBBF-C4937B53B530}: NameServer = 85.255.113.139,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F2C1A7C-F284-4431-9B11-54A8977D33B3}: NameServer = 85.255.113.139,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0130CE7-A5F4-4757-94EE-C726723E4692}: NameServer = 85.255.113.139 85.255.112.6
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 Fix bitte folgendes:


R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [microsft Updates] msupdate32.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\RunServices: [microsft Updates] msupdate32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB85A7E-9AE7-4762-BBBF-C4937B53B530}: NameServer = 85.255.113.139,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F2C1A7C-F284-4431-9B11-54A8977D33B3}: NameServer = 85.255.113.139,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0130CE7-A5F4-4757-94EE-C726723E4692}: NameServer = 85.255.113.139 85.255.112.6

Teste bitte diese Datei C:\WINDOWS\System32\hgqhp.exe bei http://virusscan.jotti.org/

Falls du die Datei nicht finden solltest, mache bitte folgendes und schaue nocheinmal:

>Extras >Ordneroptionen >den Reiter "Ansicht" >Versteckte Dateien und Ordner >"alle Dateien und Ordner anzeigen" aktivieren und
>Extras >Ordneroptionen >den Reiter "Ansicht" >Dateien und Ordner >"Geschützte Systemdateien ausblenden (empfohlen)" deaktivieren.

BZW: Das Escan bitte nicht vergessen!
__________
MfG Ralf
SEO-Spam Hunter

#5 Hallo@ugashaka

mit diesen Tools finde ich alles, was zu loeschen ist

Datfinbad - abarbeiten und alle 4 Logs in den Thread kopieren (mit Pfad)
http://virus-protect.org/datfindbat.html

Silentrunners
http://virus-protect.org/silentrunner.html
klicke: output file is in text format. --> Doppelklick und es oeffnet sich der Editor -- und poste alles, was angezeigt wird.

Download f-secure-Beta Trial
http://www.f-secure.com/blacklight/
doppelklick: blbeta.exe
nach dem Check klicke -- next
nun findet man eine Textdatei auf dem Desktop: kopiere sie in deinen Thread
__________
MfG Sabina

rund um die PC-Sicherheit

#6 datfind.bat:

1. editor:
Datentr„ger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 20AF-0040

Verzeichnis von C:\WINDOWS\system32

08.10.2005 12:36 335 vsconfig.xml
08.10.2005 12:36 21.961 nvapps.xml
07.10.2005 15:22 2.206 wpa.dbl
23.09.2005 21:13 41 SndDrv32_g.dlx
23.09.2005 17:35 117.360 FNTCACHE.DAT
11.09.2005 16:26 2.655.744 CXUIHOST.EXE
31.08.2005 11:19 0 phr.exe
26.07.2005 16:49 16.832 amcompat.tlb
26.07.2005 16:49 23.392 nscompat.tlb
10.07.2005 12:21 780.895 ~tmp7407.$$$
20.06.2005 16:44 316.924 perfh007.dat
20.06.2005 16:44 311.740 perfh009.dat
20.06.2005 16:44 40.128 perfc009.dat
20.06.2005 16:44 723.744 PerfStringBackup.INI
20.06.2005 16:44 48.360 perfc007.dat
20.06.2005 14:58 3.069 jupdate-1.5.0_02-b09.log
15.06.2005 17:20 176.128 nvudisp.exe
23.05.2005 09:14 0 TFTP1132
20.05.2005 23:56 2.957 jupdate-1.5.0_01-b08.log
19.05.2005 13:18 34.064 lhacm.acm
01.04.2005 16:24 176.128 NVUNINST.EXE
01.04.2005 16:16 14.435 nvdisp.nvu
01.04.2005 16:16 1.339.392 nvdspsch.exe
01.04.2005 16:16 540.672 nvhwvid.dll
01.04.2005 16:16 1.458.176 nview.dll
01.04.2005 16:16 86.016 nvmctray.dll
01.04.2005 16:16 286.720 nvnt4cpl.dll
01.04.2005 16:16 5.332.992 nvoglnt.dll
01.04.2005 16:16 311.296 nvrsar.dll
01.04.2005 16:16 229.376 nvrscs.dll
01.04.2005 16:16 237.568 nvrsda.dll
01.04.2005 16:16 262.144 nvrsde.dll
01.04.2005 16:16 266.240 nvrsel.dll
01.04.2005 16:16 5.562.368 nvcpl.dll
01.04.2005 16:16 266.240 nvrses.dll
01.04.2005 16:16 258.048 nvrsesm.dll
01.04.2005 16:16 233.472 nvrsfi.dll
01.04.2005 16:16 266.240 nvrsfr.dll
01.04.2005 16:16 307.200 nvrshe.dll
01.04.2005 16:16 241.664 nvrshu.dll

2. editor:
Datentr„ger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 20AF-0040

Verzeichnis von C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp

08.10.2005 12:49 970 TempICQCLImage9316998008471.html
08.10.2005 12:36 512 ~DFEDB7.tmp
08.10.2005 12:36 16.384 ~DFEDAB.tmp
08.10.2005 12:36 1.440 jusched.log
07.10.2005 19:26 970 TempICQCLImage9316998023896.html
07.10.2005 19:16 4.592 SIntfIcn.ani
07.10.2005 19:16 24.516 SIntfNT.dll
07.10.2005 19:16 19.924 SIntf32.dll
07.10.2005 19:16 12.067 SIntf16.dll
07.10.2005 19:16 36.864 CmdLineExt02.dll
07.10.2005 18:58 46.080 ~e5d141.tmp
07.10.2005 18:53 978 TempICQMagicNumber_9317590027857.html
07.10.2005 18:43 16.384 ~DF6195.tmp
07.10.2005 17:51 16.384 ~DFF18F.tmp
07.10.2005 15:22 16.384 ~DFCB13.tmp
01.10.2005 19:49 2.110 java_install_reg.log
01.10.2005 19:46 16.384 ~DF7E87.tmp
01.10.2005 18:47 16.384 ~DF65B6.tmp
01.10.2005 18:46 16.384 ~DF4B61.tmp
01.10.2005 18:46 16.384 ~DF44FA.tmp
01.10.2005 17:56 16.384 ~DF3D34.tmp
01.10.2005 17:21 16.384 ~DFE34D.tmp
01.10.2005 12:43 16.384 ~DF7137.tmp
01.10.2005 11:10 16.384 ~DFCEDB.tmp
21.09.2005 11:14 45.096 _VWUPSRV.EXE
25 Datei(en) 392.727 Bytes
0 Verzeichnis(se), 48.346.365.952 Bytes frei

3. editor:
Datentr„ger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 20AF-0040

Verzeichnis von C:\WINDOWS

08.10.2005 12:49 6.400 balloon.wav
08.10.2005 12:36 0 0.log
08.10.2005 12:36 2.048 bootstat.dat
07.10.2005 20:13 32.580 SchedLgU.Txt
07.10.2005 20:07 290.138 wmsetup.log
02.10.2005 12:00 54.156 QTFont.qfn
01.10.2005 12:40 67.586 War3Unin.dat
26.09.2005 21:15 177 winamp.ini
25.09.2005 20:29 216 wiadebug.log
25.09.2005 17:51 50 wiaservc.log
25.09.2005 12:54 99.970 UninstallFirefox.exe
25.09.2005 12:54 6.464 mozver.dat
25.09.2005 12:51 158.545 setupact.log
25.09.2005 12:51 24.735 setupapi.log
23.09.2005 20:14 172.355 DirectX.log
21.09.2005 21:01 999 eReg.dat
21.09.2005 20:34 86 CIV.INI
19.09.2005 19:42 2.829 War3Unin.pif
19.09.2005 19:42 139.264 War3Unin.exe
17.09.2005 13:06 37.306 ntdtcsetup.log
17.09.2005 13:06 51.128 comsetup.log
17.09.2005 13:06 253.091 iis6.log
17.09.2005 13:06 63.369 tsoc.log
17.09.2005 13:06 1.374 imsins.log
17.09.2005 13:06 4.932 tabletoc.log
17.09.2005 13:06 9.636 KB893803.log
17.09.2005 13:06 6.330 ocmsn.log
17.09.2005 13:06 6.503 msgsocm.log
17.09.2005 13:06 105.160 ocgen.log
17.09.2005 13:06 18.950 netfxocm.log
17.09.2005 13:06 93.973 FaxSetup.log
17.09.2005 13:06 59.372 msmqinst.log
03.09.2005 17:13 1.880 WINNT32.LOG
03.09.2005 17:13 1.131 UPGRADE.TXT
03.09.2005 17:13 148 wsdu.log
03.09.2005 17:13 178 DHCPUPG.LOG
17.08.2005 14:28 1.157.969 setupapi.log.0.old
14.08.2005 13:22 14.150 Windows Update.log
28.07.2005 17:58 1.409 QTFont.for
26.07.2005 16:50 494 wmsetup10.log
26.07.2005 16:48 316.640 WMSysPr9.prx
25.07.2005 12:52 429.730 ntbtlog.txt
24.07.2005 16:14 229 RomeTW.ini
23.07.2005 03:14 2.100 ladydata.dat
07.07.2005 13:45 234 SIERRA.INI

4. editor:
Datentr„ger in Laufwerk C: ist WINDOWS
Volumeseriennummer: 20AF-0040

Verzeichnis von C:\

08.10.2005 12:56 0 sys.txt
08.10.2005 12:56 6.642 system.txt
08.10.2005 12:55 1.553 systemtemp.txt
08.10.2005 12:54 98.331 system32.txt
08.10.2005 12:35 1.610.612.736 pagefile.sys
01.10.2005 20:05 5 AVPCallback.log
01.10.2005 18:24 397 vlist.log
11.09.2005 14:22 330 boot.ini
30.10.2004 10:45 235.296 ntldr
30.10.2004 10:45 47.580 NTDETECT.COM
02.10.2004 10:43 15 ftplog.txt
01.10.2004 20:37 0 CONFIG.SYS
01.10.2004 20:37 0 IO.SYS
01.10.2004 20:37 0 MSDOS.SYS
18.08.2001 13:00 4.952 bootfont.bin
15 Datei(en) 1.611.007.837 Bytes
0 Verzeichnis(se), 48.346.353.664 Bytes frei

sodala, das war mal das, jetzt kommt

Silentrunners:
"Silent Runners.vbs", revision 41, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Steam" = (empty string)
"SpybotSD TeaTimer" = "E:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON multimedia"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PowerStrip" = "c:\programme\powerstrip\pstrip.exe" ["EnTech Taiwan"]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Zone Labs Client" = "C:\PROGRA~1\Zone Labs\ZoneAlarm\zapro.exe" ["Zone Labs Inc."]
"AVGCtrl" = ""C:\Programme\AVPersonal\AVGNT.EXE" /min" ["H+BEDV Datentechnik GmbH"]
"Mirabilis ICQ" = "D:\PROGRA~2\ICQ\ICQNet.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 DragDrop Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Context Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.2 Property Sheet Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csbgn.exe" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]
ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}"
-> {CLSID}\InProcServer32\(Default) = "D:\Programme\ICQ\ICQShExt.dll" ["ICQ"]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {CLSID}\InProcServer32\(Default) = "E:\Programme\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "c:\dokumente und einstellungen\dominik.ugashaka\anwendungsdaten\changer xp\cxwallpa.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Dominik" & "All Users" startup folders:
---------------------------------------------------------

C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
"Alcatel Speedtouch Connection" -> shortcut to: "C:\Programme\Alcatel\SpeedTouch USB\stdialup.exe /WindowsDial /Entry "Alcatel Speedtouch Connection"" ["THOMSON multimedia"]
"Changer XP" -> shortcut to: "C:\Programme\Changer XP\ChangerXP.exe -r" ["Nihuo Software"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 24
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{6224F700-CBA3-4071-B251-47CB894244CD}\
"ButtonText" = "ICQ Pro"
"MenuText" = "ICQ"
"Exec" = "D:\PROGRA~2\ICQ\ICQ.exe" ["ICQ Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AntiVir Service, AntiVirService, ""C:\PROGRAMME\AVPERSONAL\AVGUARD.EXE"" ["H+BEDV Datentechnik GmbH"]
AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 40 seconds, including 11 seconds for message boxes)

und zu guter letzt das f-secure:
10/08/05 13:02:15 [Info]: BlackLight Engine 1.0.23 initialized
10/08/05 13:02:15 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/08/05 13:02:16 [Note]: 4019 4
10/08/05 13:02:16 [Note]: 4005 0
10/08/05 13:02:19 [Note]: 4006 0
10/08/05 13:02:19 [Note]: 4011 1540
10/08/05 13:02:20 [Note]: 4018 1952
10/08/05 13:02:20 [Info]: Hidden process: C:\WINDOWS\System32\ntfsnlpa.exe
10/08/05 13:02:20 [Note]: FSRAW library version 1.7.1011
10/08/05 13:02:35 [Info]: Hidden file: C:\WINDOWS\system32\wbem\wbemtest.exe
10/08/05 13:02:35 [Note]: 10002 1
10/08/05 13:02:38 [Info]: Hidden file: C:\WINDOWS\system32\csbgn.exe
10/08/05 13:02:38 [Note]: 4002 32
10/08/05 13:02:38 [Note]: 4003 1
10/08/05 13:02:38 [Note]: 10002 1
10/08/05 13:02:41 [Info]: Hidden file: C:\WINDOWS\System32\ntfsnlpa.exe
10/08/05 13:02:41 [Note]: 10002 1
10/08/05 13:02:57 [Note]: 4007 0


e-scan folgt auch bald

#7 Hallo@ugashaka

23.05.2005 09:14 0 TFTP1132 --> seit Mai hast du einen Backdoor auf dem System, ich hoffe, keine wichigen Daten, Passworte und onlinebanling......
---------------------------------------------------------------------------
Gehe in die Registry

Start-->Ausfuehren-->regedit

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
"restrictanonymous" = "1" -> "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE

"EnableDCOM" = "N" -> "Y"

-------------------------------------------------------------------------
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=-
"System"=""

KILLBOX
http://www.bleepingcomputer.com/files/killbox.php
Anleitung: (bebildert)
http://virus-protect.org/killbox.html

Delete File on Reboot -- anhaken

reinkopieren:
...

und klicke auf das rote Kreuz, wenn gefragt wird, ob "Do you want to reboot? "---- klicke auf "no",und kopiere das nächste rein, erst beim letzten auf "yes"

C:\WINDOWS\system32\phr.exe
C:\WINDOWS\system32\TFTP1132
C:\WINDOWS\system32\msupdate32.exe
C:\WINDOWS\System32\hgqhp.exe
C:\WINDOWS\System32\dxconf.exe
C:\WINDOWS\system32\csbgn.exe
C:\WINDOWS\system32\rdsndin.exe
C:\WINDOWS\system32\hclean32.exe
C:\WINDOWS\system32\loadctr32.exe
C:\WINDOWS\System32\ntfsnlpa.exe
C:\WINDOWS\system32\csbgn.exe
C:\WINDOWS\balloon.wav

PC neustarten
Computer in den abgesicherten Modus neustarten (F8 beim Starten drücken). Die Datei "fixme.reg" auf dem Desktop doppelklicken


scanne mit Kaspersky und panda und poste den Report vpm Scan
http://virus-protect.org/onlinescan.html


-------------------------------------------------------------------------
C:\WINDOWS\system32\phr.exe - Win32/TrojanDropper.Juntador.NAA trojan
__________
MfG Sabina

rund um die PC-Sicherheit

#8 hallo sabina

führe deine anweisungen jetzt aus, habe auch den escan fertig


--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Sat Oct 08 13:09:10 2005 => System found infected with hijacker Spyware/Adware ({8085e374-acbb-42f9-873f-49ec7e244f97})! Action taken: No Action Taken.
2: Sat Oct 08 13:09:10 2005 => System found infected with freshbar Spyware/Adware ({06abaa2d-34ab-4902-a326-409bd9b9a7a5})! Action taken: No Action Taken.
3: Sat Oct 08 13:09:10 2005 => System found infected with alexa Spyware/Adware ({c95fe080-8f5d-11d2-a20b-00aa003c157a})! Action taken: No Action Taken.
4: Sat Oct 08 13:09:14 2005 => Offending file found: C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\cmdlineext02.dll
5: Sat Oct 08 13:09:14 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
6: Sat Oct 08 13:09:18 2005 => Offending file found: E:\Eigene Dateien\band page\index.html
7: Sat Oct 08 13:09:18 2005 => System found infected with easysearch Spyware/Adware (index.html)! Action taken: No Action Taken.
8: Sat Oct 08 13:09:26 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temp\cmdlineext02.dll
9: Sat Oct 08 13:09:26 2005 => System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: No Action Taken.
10: Sat Oct 08 13:09:27 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temporary internet files\content.ie5\01q3gtuv\stylesheet[1].css
11: Sat Oct 08 13:09:27 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
12: Sat Oct 08 13:09:28 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temporary internet files\content.ie5\kzv3ygdl\adswrapper[1].js
13: Sat Oct 08 13:09:28 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
14: Sat Oct 08 13:09:29 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temporary internet files\content.ie5\o1u7gtav\adsend[1].js
15: Sat Oct 08 13:09:29 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
16: Sat Oct 08 13:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\Temporary Internet Files\content.ie5\01q3gtuv\stylesheet[1].css
17: Sat Oct 08 13:09:30 2005 => System found infected with whenu.savenow Spyware/Adware (stylesheet[1].css)! Action taken: No Action Taken.
18: Sat Oct 08 13:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\Temporary Internet Files\content.ie5\kzv3ygdl\adswrapper[1].js
19: Sat Oct 08 13:09:30 2005 => System found infected with whenu.savenow Spyware/Adware (adswrapper[1].js)! Action taken: No Action Taken.
20: Sat Oct 08 13:09:30 2005 => Offending file found: C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\Temporary Internet Files\content.ie5\o1u7gtav\adsend[1].js
21: Sat Oct 08 13:09:30 2005 => System found infected with whenu.savenow Spyware/Adware (adsend[1].js)! Action taken: No Action Taken.
22: Sat Oct 08 13:09:31 2005 => Offending file found: E:\Eigene Dateien\band page\index.html
23: Sat Oct 08 13:09:31 2005 => System found infected with easysearch Spyware/Adware (index.html)! Action taken: No Action Taken.
24: Sat Oct 08 13:09:32 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
25: Sat Oct 08 13:09:32 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
26: Sat Oct 08 13:19:56 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
27: Sat Oct 08 13:19:56 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\qttask.VIR
28: Sat Oct 08 13:28:32 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP100\A0086595.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
29: Sat Oct 08 13:28:35 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086659.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
30: Sat Oct 08 13:28:36 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086683.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
31: Sat Oct 08 13:28:36 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086694.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
32: Sat Oct 08 13:28:36 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086707.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
33: Sat Oct 08 13:28:37 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086719.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
34: Sat Oct 08 13:28:37 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086729.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
35: Sat Oct 08 13:28:37 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086741.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
36: Sat Oct 08 13:28:39 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086761.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
37: Sat Oct 08 13:28:39 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086768.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
38: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087771.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
39: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087817.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
40: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087853.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
41: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087899.exe infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
42: Sat Oct 08 13:28:44 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087980.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
43: Sat Oct 08 13:28:46 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0088980.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
44: Sat Oct 08 13:28:46 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0089980.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
45: Sat Oct 08 13:28:50 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0090980.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
46: Sat Oct 08 13:28:52 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0091028.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
47: Sat Oct 08 13:28:59 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0091119.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
48: Sat Oct 08 13:28:59 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0092120.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
49: Sat Oct 08 13:28:59 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0093118.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
50: Sat Oct 08 13:29:00 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP105\A0093152.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
51: Sat Oct 08 13:29:01 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP105\A0093162.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
52: Sat Oct 08 13:29:03 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0093213.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
53: Sat Oct 08 13:29:03 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0094210.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
54: Sat Oct 08 13:29:03 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0094221.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
55: Sat Oct 08 13:29:04 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0095221.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
56: Sat Oct 08 13:29:06 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0095267.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
57: Sat Oct 08 13:29:07 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096267.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
58: Sat Oct 08 13:29:09 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096337.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
59: Sat Oct 08 13:29:10 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096386.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
60: Sat Oct 08 13:29:12 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096433.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
61: Sat Oct 08 13:29:13 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0097433.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
62: Sat Oct 08 13:29:17 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP112\A0097551.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
63: Sat Oct 08 13:29:19 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0097602.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
64: Sat Oct 08 13:29:21 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0097650.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
65: Sat Oct 08 13:29:22 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0098650.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
66: Sat Oct 08 13:29:24 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0098699.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
67: Sat Oct 08 13:29:27 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0098760.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
68: Sat Oct 08 13:29:28 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0099760.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
69: Sat Oct 08 13:29:30 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100758.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
70: Sat Oct 08 13:29:32 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100814.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
71: Sat Oct 08 13:29:33 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100865.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
72: Sat Oct 08 13:29:38 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0101005.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
73: Sat Oct 08 13:29:39 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0101028.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
74: Sat Oct 08 13:29:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0102028.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
75: Sat Oct 08 13:29:41 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP117\A0102083.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
76: Sat Oct 08 13:29:41 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP117\A0102099.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
77: Sat Oct 08 13:29:43 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102151.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
78: Sat Oct 08 13:29:43 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102163.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
79: Sat Oct 08 13:29:48 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102235.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
80: Sat Oct 08 13:29:48 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102251.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
81: Sat Oct 08 13:29:52 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102305.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
82: Sat Oct 08 13:29:52 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102315.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
83: Sat Oct 08 13:29:54 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102352.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
84: Sat Oct 08 13:29:57 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102400.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
85: Sat Oct 08 13:32:32 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP85\A0072422.exe infected by "Trojan-Dropper.Win32.Juntador.c" Virus! Action Taken: No Action Taken.
86: Sat Oct 08 13:32:33 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP86\A0072455.exe infected by "Trojan-Dropper.Win32.Juntador.c" Virus! Action Taken: No Action Taken.
87: Sat Oct 08 13:33:10 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084353.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
88: Sat Oct 08 13:33:10 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084357.exe infected by "Trojan.Win32.DNSChanger.u" Virus! Action Taken: No Action Taken.
89: Sat Oct 08 13:33:10 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084370.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
90: Sat Oct 08 13:33:10 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084375.exe infected by "Trojan.Win32.DNSChanger.u" Virus! Action Taken: No Action Taken.
91: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085478.exe infected by "Trojan.Win32.DNSChanger.u" Virus! Action Taken: No Action Taken.
92: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085487.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
93: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085492.exe infected by "Trojan.Win32.DNSChanger.u" Virus! Action Taken: No Action Taken.
94: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086487.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
95: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086526.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
96: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086542.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
97: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086552.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
98: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086564.exe infected by "Trojan-Dropper.Win32.Vidro.u" Virus! Action Taken: No Action Taken.
99: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086572.exe infected by "Trojan.Win32.Qhost.df" Virus! Action Taken: No Action Taken.
100: Sat Oct 08 13:47:15 2005 => File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus! Action Taken: No Action Taken.
101: Sat Oct 08 14:13:34 2005 => File D:\Programme + Treiber\Sims 2\sims2_keyg*hier nicht*.zip infected by "Trojan-Spy.Win32.Briss.j" Virus! Action Taken: No Action Taken.
102: Sat Oct 08 14:20:55 2005 => File D:\Programme\ICQ\Received Files\Stefan\Ad-Aware v6 Pro\Lavasoft Ad-Aware 6 Pro Key Generator.exe infected by "Trojan-Dropper.Win32.Delf.dh" Virus! Action Taken: No Action Taken.
103: Sat Oct 08 14:22:17 2005 => File D:\Appz Games Stuff\homeworld 2\HomeWorld_2_keyg*hier nicht*.zip infected by "Trojan-Downloader.Win32.INService.i" Virus! Action Taken: No Action Taken.
104: Sat Oct 08 14:51:23 2005 => Scanning File E:\Mp3's\rave\Trance, Techno & House\Barthezz - Infected.mp3 [**]
105: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 01 - Hell Song.mp3 [**]
106: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 02 - Over My Head.mp3 [**]
107: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 03 - My Direction.mp3 [**]
108: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 04 - Still Waiting.mp3 [**]
109: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 05 - Asshole.mp3 [**]
110: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 06 - Yesterday.Com.mp3 [**]
111: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 07 - All Messed Up.mp3 [**]
112: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 08 - Mr. Amsterdam.mp3 [**]
113: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 09 - Thanks For Nothing.mp3 [**]
114: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 10 - Hyper-Insomnia.mp3 [**]
115: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 11 - Billy Spleen.mp3 [**]
116: Sat Oct 08 14:51:33 2005 => Scanning File E:\Mp3's\sum 41\Sum 41 - Does This Look Infected - 12 - Hooch.mp3 [**]

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Sat Oct 08 13:12:39 2005 => File C:\WINDOWS\System32\dxconf.exe tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
2: Sat Oct 08 13:27:07 2005 => File C:\Programme\PerfectNav\BHO\PerfectNav150c.dll tagged as "not-a-virus:AdWare.Win32.Perfnav.a". Action Taken: No Action Taken.
3: Sat Oct 08 13:28:32 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP100\A0086604.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
4: Sat Oct 08 13:28:36 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086691.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
5: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087900.exe tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
6: Sat Oct 08 13:28:40 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087901.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
7: Sat Oct 08 13:28:46 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0090013.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
8: Sat Oct 08 13:29:00 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP105\A0093135.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
9: Sat Oct 08 13:29:33 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100874.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
10: Sat Oct 08 13:29:42 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP117\A0102134.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
11: Sat Oct 08 13:29:49 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102261.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
12: Sat Oct 08 13:29:53 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102325.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
13: Sat Oct 08 13:29:54 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102360.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
14: Sat Oct 08 13:29:59 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0048985.exe tagged as "not-a-virus:AdWare.Win32.Gator.4104". Action Taken: No Action Taken.
15: Sat Oct 08 13:30:00 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0048999.exe tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
16: Sat Oct 08 13:30:00 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049000.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
17: Sat Oct 08 13:30:00 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049001.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
18: Sat Oct 08 13:30:01 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049003.dll tagged as "not-a-virus:AdWare.Win32.BrilliantDigital.3039". Action Taken: No Action Taken.
19: Sat Oct 08 13:30:01 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049004.dll tagged as "not-a-virus:AdWare.Win32.Altnet.j". Action Taken: No Action Taken.
20: Sat Oct 08 13:30:01 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049005.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
21: Sat Oct 08 13:30:01 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP62\A0049008.exe tagged as "not-a-virus:AdWare.Win32.Altnet.b". Action Taken: No Action Taken.
22: Sat Oct 08 13:33:14 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP97\A0085408.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
23: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086495.exe tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
24: Sat Oct 08 13:33:15 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086496.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
25: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086574.exe tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
26: Sat Oct 08 13:33:16 2005 => File C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086575.exe tagged as "not-a-virus:AdWare.Win32.Msnagent.b". Action Taken: No Action Taken.
27: Sat Oct 08 13:56:59 2005 => File C:\WINDOWS\system32\dxconf.exe tagged as "not-a-virus:AdWare.Win32.FindSpy.a". Action Taken: No Action Taken.
28: Sat Oct 08 13:59:29 2005 => File D:\System Volume Information\_restore{86DB7E50-0FF1-41B3-BA0C-316BA92AC407}\RP99\A0064169.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.614. No Action Taken.
29: Sat Oct 08 14:05:02 2005 => File D:\System Volume Information\_restore{E35D0DFD-6DD2-4834-BA7D-1B76F5A5CF38}\RP16\A0015945.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.614. No Action Taken.
30: Sat Oct 08 14:12:51 2005 => File D:\Programme + Treiber\Anti Viren Programme\Hijackthis_198\backups\backup-20041101-180201-425.dll tagged as "not-a-virus:AdWare.Win32.WinAD". Action Taken: No Action Taken.
31: Sat Oct 08 14:12:51 2005 => File D:\Programme + Treiber\Anti Viren Programme\Hijackthis_198\backups\backup-20041102-220513-744.dll tagged as "not-a-virus:AdWare.Win32.Ramdud". Action Taken: No Action Taken.
32: Sat Oct 08 14:12:57 2005 => File D:\Programme + Treiber\icq lite, 03a & miranda & mirc & messenger & trillian\mirc\mirc614.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.614. No Action Taken.
33: Sat Oct 08 14:14:43 2005 => File D:\Programme + Treiber\Remote Administrator 2.1\RADMIN21.EXE tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
34: Sat Oct 08 14:16:15 2005 => File D:\Programme + Treiber\Distributed\dnetc-win32-x86\dnetc.exe tagged as not-a-virus:NetTool.Win32.Calc-DNet.i. No Action Taken.
35: Sat Oct 08 14:16:43 2005 => File D:\Programme + Treiber\Bolletproof FTP server\[APP] BulletProof FTP Server v2.30.15_Flash FXP v2.1 [build 924] + Crac*hier nicht!*\FTP Server\BulletProof FTP Server v2.30.15\BulletProof FTP Server v2.30.15 (Cracked)\G6FTPSrv.exe tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
36: Sat Oct 08 14:16:47 2005 => File D:\Programme + Treiber\Bolletproof FTP server\BulletProof.FTP.Server.v2.30.15.WinAll.Cracked [XkingX]\eatbfs23.zip tagged as not-a-virus:Server-FTP.Win32.BulletProof.230. No Action Taken.
37: Sat Oct 08 14:32:02 2005 => File D:\Games\Half-Life\hltv.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.
38: Sat Oct 08 14:53:58 2005 => File E:\Programme\Gamers.IRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
39: Sat Oct 08 14:59:15 2005 => File E:\Programme\mIRC\mirc.BAK tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
40: Sat Oct 08 14:59:15 2005 => File E:\Programme\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
41: Sat Oct 08 15:04:06 2005 => File E:\System Volume Information\_restore{B487772B-DDFE-4C64-B6E0-783A93020977}\RP40\A0031596.EXE tagged as not-a-virus:RemoteAdmin.Win32.RAdmin.20. No Action Taken.
42: Sat Oct 08 15:05:03 2005 => File E:\System Volume Information\_restore{C29E45D7-BED8-40A8-811D-29EBD6AB7DFF}\RP14\A0003044.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
43: Sat Oct 08 15:05:08 2005 => File E:\System Volume Information\_restore{C29E45D7-BED8-40A8-811D-29EBD6AB7DFF}\RP14\A0003107.exe tagged as not-a-virus:Server-Proxy.Win32.Hltv. No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Sat Oct 08 13:08:57 2005 => ERROR!!! Invalid Entry SpybotSD TeaTimer = E:\Programme\Spybot - Search & Destroy\TeaTimer.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
2: Sat Oct 08 13:09:02 2005 => ERROR!!! Invalid Entry System32\Drivers\HTTP.sys in SYSTEM\CurrentControlSet\Services\HTTP...
3: Sat Oct 08 13:09:02 2005 => ERROR!!! Invalid Entry system32\drivers\ip6fw.sys in SYSTEM\CurrentControlSet\Services\ip6fw...
4: Sat Oct 08 13:09:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll". Action Taken: No Action Taken.
5: Sat Oct 08 13:09:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\WinCommX.dll". Action Taken: No Action Taken.
6: Sat Oct 08 13:09:35 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\system32\wuweb.dll". Action Taken: No Action Taken.
7: Sat Oct 08 13:09:38 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Swift3D.exe" refers to invalid object "E:\Programme\Electric Rain\Swift 3D\Version 1.00\Swift3D.exe". Action Taken: No Action Taken.
8: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".3dr". Action Taken: No Action Taken.
9: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bsp". Action Taken: No Action Taken.
10: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".CCD". Action Taken: No Action Taken.
11: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".chr". Action Taken: No Action Taken.
12: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: No Action Taken.
13: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".iso". Action Taken: No Action Taken.
14: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mir". Action Taken: No Action Taken.
15: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".package". Action Taken: No Action Taken.
16: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rm". Action Taken: No Action Taken.
17: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tab". Action Taken: No Action Taken.
18: Sat Oct 08 13:09:39 2005 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
19: Sat Oct 08 13:09:39 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mozilla Firefox (1.0.6)". Action Taken: No Action Taken.
20: Sat Oct 08 13:09:40 2005 => Entry "HKCR\CLSID\{2B2CC8B0-2DC0-48c6-B6FD-C07820A6477E}" refers to invalid object "D:\Games\Command and Conquer Generäle\BrowserEngine.DLL". Action Taken: No Action Taken.
21: Sat Oct 08 13:09:41 2005 => Entry "HKCR\CLSID\{570158C3-B87B-11D4-BD2F-0004AC96D905}" refers to invalid object "D:\PROGRA~2\ICQ\icqchte.dll". Action Taken: No Action Taken.
22: Sat Oct 08 13:09:42 2005 => Entry "HKCR\CLSID\{8D8B7B08-C968-48CC-A0EF-DD4A0A8BC323}" refers to invalid object "D:\PROGRA~2\ICQ\icqplcht.dll". Action Taken: No Action Taken.
23: Sat Oct 08 13:09:42 2005 => Entry "HKCR\CLSID\{B220F7BF-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "D:\PROGRA~2\ICQ\icqplcht.dll". Action Taken: No Action Taken.
24: Sat Oct 08 13:09:42 2005 => Entry "HKCR\CLSID\{B220F7C8-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "D:\PROGRA~2\ICQ\icqplcht.dll". Action Taken: No Action Taken.
25: Sat Oct 08 13:09:42 2005 => Entry "HKCR\CLSID\{B220F7C9-8E37-11D4-BD28-0004AC96D905}" refers to invalid object "D:\PROGRA~2\ICQ\icqplcht.dll". Action Taken: No Action Taken.
26: Sat Oct 08 13:09:44 2005 => Entry "HKCR\TypeLib\{00000012-A527-34E7-25C2-03A4E313B2E9}" refers to invalid object "c:\WINDOWS\system32\winsrvs_1.dll". Action Taken: No Action Taken.
27: Sat Oct 08 13:09:44 2005 => Entry "HKCR\TypeLib\{080B0910-662C-4AA1-880F-84BCF179D506}" refers to invalid object "C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
28: Sat Oct 08 13:09:44 2005 => Entry "HKCR\TypeLib\{096705E0-3666-4CD7-BA2A-02A285A8135A}" refers to invalid object "C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
29: Sat Oct 08 13:09:44 2005 => Entry "HKCR\TypeLib\{44EDA138-6D6A-403F-8D27-300DE7F25046}" refers to invalid object "C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
30: Sat Oct 08 13:09:44 2005 => Entry "HKCR\TypeLib\{6EE45698-21BA-420D-AD40-1B547699BEFB}" refers to invalid object "D:\Games\Command and Conquer Generäle\BrowserEngine.DLL". Action Taken: No Action Taken.
31: Sat Oct 08 13:09:45 2005 => Entry "HKCR\TypeLib\{D0C57517-8CA8-4A82-93F1-25E4F2B22454}" refers to invalid object "C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
32: Sat Oct 08 13:09:45 2005 => Entry "HKCR\TypeLib\{E62579E5-E385-40AE-98C0-73F1AD3D1E55}" refers to invalid object "C:\DOKUME~1\DOMINI~1.UGA\LOKALE~1\Temp\Word8.0\MSForms.exd". Action Taken: No Action Taken.
33: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.cf" refers to invalid object "dwtfile". Action Taken: No Action Taken.
34: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.cfm" refers to invalid object "cfmfile". Action Taken: No Action Taken.
35: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.cfml" refers to invalid object "cfmlfile". Action Taken: No Action Taken.
36: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.jsp" refers to invalid object "asafile". Action Taken: No Action Taken.
37: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.pcb" refers to invalid object "PCBFile". Action Taken: No Action Taken.
38: Sat Oct 08 13:09:45 2005 => Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
39: Sat Oct 08 13:09:46 2005 => Entry "HKCR\fukfile\shell\open\command" refers to invalid object ""D:\Games\Postal2\Postal2.exe" "%1"". Action Taken: No Action Taken.
40: Sat Oct 08 13:16:20 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\AlexaRelated.zip is Not Scanned
41: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit.zip is Not Scanned
42: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit1.zip is Not Scanned
43: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit10.zip is Not Scanned
44: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit11.zip is Not Scanned
45: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit12.zip is Not Scanned
46: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit13.zip is Not Scanned
47: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit14.zip is Not Scanned
48: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit15.zip is Not Scanned
49: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit16.zip is Not Scanned
50: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit17.zip is Not Scanned
51: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit18.zip is Not Scanned
52: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit19.zip is Not Scanned
53: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit2.zip is Not Scanned
54: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit20.zip is Not Scanned
55: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit21.zip is Not Scanned
56: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit22.zip is Not Scanned
57: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit23.zip is Not Scanned
58: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit3.zip is Not Scanned
59: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit4.zip is Not Scanned
60: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit5.zip is Not Scanned
61: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit6.zip is Not Scanned
62: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit7.zip is Not Scanned
63: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit8.zip is Not Scanned
64: Sat Oct 08 13:16:21 2005 => Result: ERROR!!! File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DSOExploit9.zip is Not Scanned
65: Sat Oct 08 14:16:37 2005 => Result: ERROR!!! File D:\Programme + Treiber\WinAce\rpc412.zip is Not Scanned
66: Sat Oct 08 14:17:02 2005 => Result: ERROR!!! File D:\Programme + Treiber\McAfee\Mcafee Virus Scan v8.0 2004 Full Cracked\vsc\enu\shared\agentcfg.cab is Not Scanned
67: Sat Oct 08 14:18:52 2005 => Result: ERROR!!! File D:\Programme + Treiber\McAfee\Mcafee Virusscan Professional 8 0\vsp\enu\shared\agentcfg.cab is Not Scanned
68: Sat Oct 08 14:21:16 2005 => Result: ERROR!!! File D:\Programme\Cheating-Death\4.29.5\cd.dll is Not Scanned
69: Sat Oct 08 14:21:16 2005 => Result: ERROR!!! File D:\Programme\Cheating-Death\cdeath.exe is Not Scanned
70: Sat Oct 08 14:21:16 2005 => Result: ERROR!!! File D:\Programme\Cheating-Death\4.30.1\cd.dll is Not Scanned
71: Sat Oct 08 14:21:16 2005 => Result: ERROR!!! File D:\Programme\Cheating-Death\4.31.0\cd.dll is Not Scanned
72: Sat Oct 08 14:28:43 2005 => ERROR!!! MS_ScanAndClean return ffffffff
73: Sat Oct 08 14:28:43 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\NAV\EXTERNAL\COMMONFI\SYMSHARE\CCPD-LC\UNICOWS.DLL

74: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
75: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCALER

76: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
77: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCAPP.

78: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
79: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCDEC.

80: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
81: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCEMLP

82: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
83: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCERRD

84: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
85: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCEVTM

86: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
87: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCLGVI

88: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
89: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPROD

90: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
91: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPROS

92: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
93: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPWD.

94: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
95: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPWDS

96: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
97: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSCAN

98: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
99: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSET.

100: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
101: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSETE

102: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
103: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSETM

104: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
105: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCVRTR

106: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
107: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCWEBW

108: Sat Oct 08 14:29:02 2005 => ERROR!!! FindFirstFile For D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\DECOM\ Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
109: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
110: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\ECMLDR

111: Sat Oct 08 14:29:02 2005 => ERROR!!! FindFirstFile For D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\HELP\* Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)
112: Sat Oct 08 14:29:02 2005 => ERROR!!! MS_ScanAndClean return ffffffff
113: Sat Oct 08 14:29:02 2005 => ERROR!!! ScanFile fails for D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\NMAIN.

114: Sat Oct 08 14:29:12 2005 => ERROR!!! FindFirstFile For D:\Appz\NORTON\Norton SystemWorks + AntiVirus + Internet Security 2004 Pro ENG + keyg*hier nicht* TESTED (Zipped BIN)\Symantec 2004 Professional\Anti Virus\Norton AntiVirus 2004 Pro FINAL\Norton.Antivirus.2004.PRO FINAL\SUPPORT\MSREDIST\MSREDIST\SYSTEM32\REDIST\MS\SYST\ Failed!!! Reason is Das System kann den angegebenen Pfad nicht finden. (0x3)

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP100\A0086595.exe => Trojan-Dropper.Win32.Vidro.u
2: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086659.exe => Trojan-Dropper.Win32.Vidro.u
3: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086683.exe => Trojan-Dropper.Win32.Vidro.u
4: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086694.exe => Trojan-Dropper.Win32.Vidro.u
5: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086707.exe => Trojan-Dropper.Win32.Vidro.u
6: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086719.exe => Trojan-Dropper.Win32.Vidro.u
7: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086729.exe => Trojan-Dropper.Win32.Vidro.u
8: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086741.exe => Trojan-Dropper.Win32.Vidro.u
9: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086761.exe => Trojan-Dropper.Win32.Vidro.u
10: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0086768.exe => Trojan-Dropper.Win32.Vidro.u
11: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087771.exe => Trojan-Dropper.Win32.Vidro.u
12: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087817.exe => Trojan-Dropper.Win32.Vidro.u
13: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087853.exe => Trojan-Dropper.Win32.Vidro.u
14: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087899.exe => Trojan.Win32.Qhost.df
15: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP101\A0087980.exe => Trojan-Dropper.Win32.Vidro.u
16: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0088980.exe => Trojan-Dropper.Win32.Vidro.u
17: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0089980.exe => Trojan-Dropper.Win32.Vidro.u
18: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0090980.exe => Trojan-Dropper.Win32.Vidro.u
19: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP102\A0091028.exe => Trojan-Dropper.Win32.Vidro.u
20: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0091119.exe => Trojan-Dropper.Win32.Vidro.u
21: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0092120.exe => Trojan-Dropper.Win32.Vidro.u
22: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP104\A0093118.exe => Trojan-Dropper.Win32.Vidro.u
23: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP105\A0093152.exe => Trojan-Dropper.Win32.Vidro.u
24: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP105\A0093162.exe => Trojan-Dropper.Win32.Vidro.u
25: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0093213.exe => Trojan-Dropper.Win32.Vidro.u
26: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0094210.exe => Trojan-Dropper.Win32.Vidro.u
27: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0094221.exe => Trojan-Dropper.Win32.Vidro.u
28: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0095221.exe => Trojan-Dropper.Win32.Vidro.u
29: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0095267.exe => Trojan-Dropper.Win32.Vidro.u
30: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096267.exe => Trojan-Dropper.Win32.Vidro.u
31: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096337.exe => Trojan-Dropper.Win32.Vidro.u
32: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096386.exe => Trojan-Dropper.Win32.Vidro.u
33: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0096433.exe => Trojan-Dropper.Win32.Vidro.u
34: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP107\A0097433.exe => Trojan-Dropper.Win32.Vidro.u
35: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP112\A0097551.exe => Trojan-Dropper.Win32.Vidro.u
36: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0097602.exe => Trojan-Dropper.Win32.Vidro.u
37: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0097650.exe => Trojan-Dropper.Win32.Vidro.u
38: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0098650.exe => Trojan-Dropper.Win32.Vidro.u
39: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP114\A0098699.exe => Trojan-Dropper.Win32.Vidro.u
40: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0098760.exe => Trojan-Dropper.Win32.Vidro.u
41: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0099760.exe => Trojan-Dropper.Win32.Vidro.u
42: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100758.exe => Trojan-Dropper.Win32.Vidro.u
43: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100814.exe => Trojan-Dropper.Win32.Vidro.u
44: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0100865.exe => Trojan-Dropper.Win32.Vidro.u
45: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0101005.exe => Trojan-Dropper.Win32.Vidro.u
46: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0101028.exe => Trojan-Dropper.Win32.Vidro.u
47: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP116\A0102028.exe => Trojan-Dropper.Win32.Vidro.u
48: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP117\A0102083.exe => Trojan-Dropper.Win32.Vidro.u
49: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP117\A0102099.exe => Trojan-Dropper.Win32.Vidro.u
50: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102151.exe => Trojan-Dropper.Win32.Vidro.u
51: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102163.exe => Trojan-Dropper.Win32.Vidro.u
52: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102235.exe => Trojan-Dropper.Win32.Vidro.u
53: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102251.exe => Trojan-Dropper.Win32.Vidro.u
54: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102305.exe => Trojan-Dropper.Win32.Vidro.u
55: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP118\A0102315.exe => Trojan-Dropper.Win32.Vidro.u
56: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102352.exe => Trojan-Dropper.Win32.Vidro.u
57: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP119\A0102400.exe => Trojan-Dropper.Win32.Vidro.u
58: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP85\A0072422.exe => Trojan-Dropper.Win32.Juntador.c
59: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP86\A0072455.exe => Trojan-Dropper.Win32.Juntador.c
60: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084353.exe => Trojan-Dropper.Win32.Vidro.u
61: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084357.exe => Trojan.Win32.DNSChanger.u
62: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084370.exe => Trojan-Dropper.Win32.Vidro.u
63: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP96\A0084375.exe => Trojan.Win32.DNSChanger.u
64: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085478.exe => Trojan.Win32.DNSChanger.u
65: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085487.exe => Trojan-Dropper.Win32.Vidro.u
66: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0085492.exe => Trojan.Win32.DNSChanger.u
67: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086487.exe => Trojan-Dropper.Win32.Vidro.u
68: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086526.exe => Trojan-Dropper.Win32.Vidro.u
69: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086542.exe => Trojan-Dropper.Win32.Vidro.u
70: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086552.exe => Trojan-Dropper.Win32.Vidro.u
71: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086564.exe => Trojan-Dropper.Win32.Vidro.u
72: C:\System Volume Information\_restore{1AE0C763-AE08-4D37-91C2-5C978D7D85F3}\RP98\A0086572.exe => Trojan.Win32.Qhost.df
73: C:\WINDOWS\browserxtras\pn\remove.exe => Trojan-Downloader.Win32.Keenval.f
74: D:\System Volume Information\_restore{86DB7E50-0FF1-41B3-BA0C-316BA92AC407}\RP99\A0064169.exe => tagged:Client-IRC.Win32.mIRC.614.
75: D:\System Volume Information\_restore{E35D0DFD-6DD2-4834-BA7D-1B76F5A5CF38}\RP16\A0015945.exe => tagged:Client-IRC.Win32.mIRC.614.
76: D:\Programme + Treiber\icq lite, 03a & miranda & mirc & messenger & trillian\mirc\mirc614.exe => tagged:Client-IRC.Win32.mIRC.614.
77: D:\Programme + Treiber\Sims 2\sims2_keyg*hier nicht*.zip => Trojan-Spy.Win32.Briss.j
78: D:\Programme + Treiber\Remote Administrator 2.1\RADMIN21.EXE => tagged:RemoteAdmin.Win32.RAdmin.20.
79: D:\Programme + Treiber\Distributed\dnetc-win32-x86\dnetc.exe => tagged:NetTool.Win32.Calc-DNet.i.
80: D:\Programme + Treiber\Bolletproof FTP server\[APP] BulletProof FTP Server v2.30.15_Flash FXP v2.1 [build 924] + Crac*hier nicht!*\FTP Server\BulletProof FTP Server v2.30.15\BulletProof FTP Server v2.30.15 (Cracked)\G6FTPSrv.exe => tagged:Server-FTP.Win32.BulletProof.230.
81: D:\Programme + Treiber\Bolletproof FTP server\BulletProof.FTP.Server.v2.30.15.WinAll.Cracked [XkingX]\eatbfs23.zip => tagged:Server-FTP.Win32.BulletProof.230.
82: D:\Programme\ICQ\Received Files\Stefan\Ad-Aware v6 Pro\Lavasoft Ad-Aware 6 Pro Key Generator.exe => Trojan-Dropper.Win32.Delf.dh
83: D:\Appz Games Stuff\homeworld 2\HomeWorld_2_keyg*hier nicht*.zip => Trojan-Downloader.Win32.INService.i
84: D:\Games\Half-Life\hltv.exe => tagged:Server-Proxy.Win32.Hltv.
85: E:\Mp3's\sum 41\Sum 41 - Does This Look =>
86: E:\Programme\Gamers.IRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
87: E:\Programme\mIRC\mirc.BAK => tagged:Client-IRC.Win32.mIRC.616.
88: E:\Programme\mIRC\mirc.exe => tagged:Client-IRC.Win32.mIRC.616.
89: E:\System Volume Information\_restore{B487772B-DDFE-4C64-B6E0-783A93020977}\RP40\A0031596.EXE => tagged:RemoteAdmin.Win32.RAdmin.20.
90: E:\System Volume Information\_restore{C29E45D7-BED8-40A8-811D-29EBD6AB7DFF}\RP14\A0003044.exe => tagged:Client-IRC.Win32.mIRC.603.
91: E:\System Volume Information\_restore{C29E45D7-BED8-40A8-811D-29EBD6AB7DFF}\RP14\A0003107.exe => tagged:Server-Proxy.Win32.Hltv.

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Sat Oct 08 15:14:19 2005 => Total Objects Scanned: 183675
Sat Oct 08 15:14:19 2005 => Total Virus(es) Found: 148
Sat Oct 08 15:14:19 2005 => Total Errors: 94
Sat Oct 08 15:14:19 2005 => Virus Database Date: 2005/10/08
Sat Oct 08 15:14:19 2005 => Virus Database Count: 152936
Sat Oct 08 16:40:55 2005 => Total Objects Scanned: 183675
Sat Oct 08 16:40:55 2005 => Total Virus(es) Found: 148
Sat Oct 08 16:40:55 2005 => Total Errors: 94


danke daweil für eure hilfe, finde ich echt super

#9 falls der escan nicht loescht, musst du die Systemwiederherstellung deaktivieren, dann in die killbox kopieren;
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
C:\WINDOWS\system32\dxconf.exe
E:\Eigene Dateien\band page\index.html
C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temp\cmdlineext02.dll
C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\Temporary Internet Files\content.ie5\o1u7gtav\adsend[1].js
C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temporary internet files\content.ie5\01q3gtuv\stylesheet[1].css
C:\Dokumente und Einstellungen\Dominik.UGASHAKA\Lokale Einstellungen\temporary internet files\content.ie5\kzv3ygdl\adswrapper[1].js
C:\WINDOWS\browserxtras\pn\remove.exe

neustarten

C:\WINDOWS\browserxtras (loeschen)

die temp-Dateien mit CCleaner loeschen
http://virus-protect.org/temp.html
und noch mal mit escan scannen (vorher muss die log-Datei ..mwav.log..vom alten scann geloescht werden)

dann scanne mit kaspersky und panda + berichte
__________
MfG Sabina

rund um die PC-Sicherheit