Taskmanager und Registry gesperrt-Virus, wie entfernen??

#0
31.07.2009, 11:49
Member

Beiträge: 12
#1 1.
Problembeschreibung / Symptome ?

Hallo,

ich habe meinen PC neu aufgesetzt. früher war Vista drauf, jetzt XP.
Es hat alles wunderbar funktioniert.
Ich habe den Chipsatztreiber Grafik und Sound Treiber sowie Symantec Endpoint Protection und den Lan Treiber installiert.

Seit(ich denke seit da) der Lan Treiber installiert ist, gibt es Probleme.
SEP lässt sich nicht öffnen, neue Virenprogramme nicht installieren.

Der Taskmanager wurde angeblich durch den Administrator gesperrt genauso wie das Bearbeiten der Registrx(war für eine installation nötig).


Online Scans lassen sich nicht öffnen--Server nicht gefunden

Virustotal oä um den Lan Treiber zu checken gehe nicht...--Server nicht gefudnen.

-----------------------------------------------------------------------------------------------



3.
mache einen Scan mit Malwarebytes -


Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2534
Windows 5.1.2600 Service Pack 3

31.07.2009 11:42:15
mbam-log-2009-07-31 (11-42-14).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 81591
Laufzeit: 2 minute(s), 48 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)




-----------------------------------------------------------------------------------------------

4.
Erstellen eines Hijackthis-Logfiles

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:33, on 31.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\Damien\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\ctqb.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\jraj.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\winuufbso.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\w3f1b4.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249025893062
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

--
End of file - 4540 bytes


-----------------------------------------------------------------------------------------------

5.
Erstellen einer Uninstall Liste

32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2 - Deutsch
CDBurnerXP
DLRG Fragenkatalog Rettungsschwimmen
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) Netzwerkanschlüsse
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access Runtime (German) 2007
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Realtek High Definition Audio Driver
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB973346)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update für Windows Internet Explorer 8 (KB972636)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
VLC media player 1.0.1
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0

-----------------------------------------------------------------------------------------------






Ich hoffe sehr, dass Ihr mir weiterhelfen könnt, denn ich weiß derzeit keinen Ausweg.

Wenn weitere Informationen benötigt werden, bitte mir genau erklären wo ich diese herbekomme.

LG Dimdida
Seitenanfang Seitenende
31.07.2009, 16:06
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#2 Temp File Cleaner
Download TFC.exe by OldTimer zum Desktop
Schliesse alle fenster und doppelklick TFC.exe um das Programm zu starten
Vista benutzer: rechtermausklick auf TFC.exe und waehle "Run as an Administrator"
Lasse Temp File Cleaner seine Arbeit tun
Am Ende wird dein Rechner neu starten,wenn nicht starte manuell neu

Lade/entpacke HijackThis in einen extra Ordner, Benenne Hijackthis in HJT um, starte es und waehle
---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - es öffnet sich der Editor

nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"

Zitat

C:\DOKUME~1\Damien\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe
ComboFix(by sUBs)
Download ComboFix und speichert es auf den Desktop!
Download link 1 ComboFix
Download link 2 ComboFix
Note:Wenn wehrend du Combofix runterlaedst oder anwendet ein Meldung deines Virenscanner kommt oder ein anderen Realtime scanner
Schalte diese scanner dann aus und download ComboFix erneut
Es gibt scanner die bestimmte komponente die durch CF benutzt werden als verdaechtig ansehen und versucht sie zu blokkieren oder zu entfernen

Starte combofix.exe
Folge den Instruktionen in das Fenster
Wenn ComboFix schon vorher benutzt worden ist kann es sein das du eine Meldung bekommst das es ein Update gibt
Erlaube diesen Update und klicke OK im "NirCmd“ fenster klicke nach ablauf auf "ja“um den Scan zu starten
Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt)
nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen"
Befolge diese Anleitung
__________
MfG Argus
Seitenanfang Seitenende
31.07.2009, 19:43
Member

Themenstarter

Beiträge: 12
#3 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:18, on 31.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249025893062
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)

--
End of file - 4991 bytes













ComboFix 09-07-29.04 - Damien 31.07.2009 20:04.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1693 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Damien\Desktop\protecus\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1f75fa.msi
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((( Dateien erstellt von 2009-06-28 bis 2009-07-31 ))))))))))))))))))))))))))))))
.

2009-07-31 17:52 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-31 17:51 . 2009-07-31 17:51 -------- d-----w- c:\programme\Microsoft Works
2009-07-31 17:51 . 2009-07-31 17:51 -------- d-----w- c:\programme\Microsoft.NET
2009-07-31 17:49 . 2009-07-31 17:49 -------- d-----w- c:\programme\Microsoft Visual Studio 8
2009-07-31 17:48 . 2009-07-31 17:49 -------- d-----w- c:\windows\SHELLNEW
2009-07-31 17:48 . 2009-07-31 17:48 -------- d--h--r- C:\MSOCache
2009-07-31 10:50 . 2009-07-31 11:17 -------- d-----w- c:\programme\Cossacks - Back To War
2009-07-31 10:50 . 2002-08-09 20:17 4292608 ----a-r- c:\windows\una2setup.exe
2009-07-31 10:39 . 2009-07-31 10:47 -------- d-----w- c:\programme\Cossacks
2009-07-31 10:39 . 2009-07-31 10:39 53248 ----a-w- c:\windows\system32\unrar.dll
2009-07-31 10:38 . 2002-04-22 12:30 4284416 ----a-r- c:\windows\uncsetup.exe
2009-07-31 09:57 . 2009-07-31 09:57 -------- d-sh--w- c:\dokumente und einstellungen\Damien\IECompatCache
2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\Malwarebytes
2009-07-31 09:13 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-07-31 09:13 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 08:31 . 2009-07-31 08:31 -------- d-sh--w- c:\dokumente und einstellungen\Damien\PrivacIE
2009-07-31 08:29 . 2009-07-31 08:29 -------- d-sh--w- c:\dokumente und einstellungen\Damien\IETldCache
2009-07-31 08:19 . 2009-07-19 16:41 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-31 08:19 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-31 08:19 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-31 08:19 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-31 08:19 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-31 08:19 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-31 08:19 . 2009-07-31 08:19 -------- d-----w- c:\windows\ie8updates
2009-07-31 08:19 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-31 08:18 . 2009-07-31 08:19 -------- dc-h--w- c:\windows\ie8
2009-07-31 08:13 . 2009-07-31 08:13 -------- d-----w- c:\programme\MSXML 4.0
2009-07-31 08:08 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-07-31 08:06 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-07-31 08:06 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-07-31 08:06 . 2008-04-21 21:13 217600 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\system32\de
2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\system32\bits
2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\l2schemas
2009-07-31 07:52 . 2009-07-31 07:52 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\dvdcss
2009-07-31 07:50 . 2008-04-14 02:23 226816 -c----w- c:\windows\system32\dllcache\npdrmv2.dll
2009-07-31 07:41 . 2009-07-31 08:22 -------- d--h--w- c:\windows\$hf_mig$
2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Identities
2009-07-30 14:44 . 2009-07-30 14:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WEBREG
2009-07-30 14:42 . 2009-07-30 14:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HPSSUPPLY
2009-07-30 14:42 . 2009-07-30 14:42 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\HPAppData
2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP
2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Product Assistant
2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\programme\Gemeinsame Dateien\HP
2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\programme\Hewlett-Packard
2009-07-30 14:40 . 2009-07-30 14:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Hewlett-Packard
2009-07-30 14:40 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-07-30 14:40 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-07-30 14:40 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-07-30 14:40 . 2009-07-30 14:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
2009-07-30 14:40 . 2007-03-30 15:29 267864 ----a-r- c:\windows\system32\hpzids01.dll
2009-07-30 14:40 . 2007-03-28 12:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2009-07-30 14:39 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-07-30 14:39 . 2007-03-17 06:39 675840 ----a-r- c:\windows\system32\hpowiax4.dll
2009-07-30 14:39 . 2007-03-17 06:39 303104 ----a-r- c:\windows\system32\hpovst11.dll
2009-07-30 14:39 . 2007-03-17 06:39 958464 ----a-r- c:\windows\system32\hpotiop4.dll
2009-07-30 14:39 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-07-30 14:39 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-07-30 14:39 . 2009-07-30 14:42 -------- d-----w- c:\programme\HP
2009-07-30 14:38 . 2009-07-30 14:44 158748 ----a-w- c:\windows\hpoins15.dat
2009-07-30 14:38 . 2007-06-05 23:04 1039 ------w- c:\windows\hpomdl15.dat
2009-07-30 14:36 . 2009-07-30 14:38 -------- d-----w- C:\DLRG
2009-07-30 14:35 . 2009-07-30 14:35 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
2009-07-30 14:35 . 2009-07-31 17:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2009-07-30 14:35 . 2009-07-30 14:35 -------- d-----w- c:\programme\MSECache
2009-07-30 14:32 . 2009-07-30 14:32 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe
2009-07-30 14:24 . 2009-07-30 14:35 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Adobe
2009-07-30 14:05 . 2009-07-30 14:05 -------- d-sh--w- c:\dokumente und einstellungen\Damien\UserData
2009-07-30 14:03 . 2009-07-30 14:03 -------- d-----w- c:\programme\CDBurnerXP
2009-07-30 13:58 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-07-30 13:58 . 2009-07-31 08:29 -------- d-----w- c:\windows\system32\de-DE
2009-07-30 13:57 . 2009-07-30 13:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-30 13:57 . 2009-07-30 13:57 -------- d-----w- c:\programme\MSBuild
2009-07-30 13:57 . 2009-07-30 13:57 -------- d-----w- c:\programme\Reference Assemblies
2009-07-30 13:56 . 2009-07-30 13:57 -------- d-----w- C:\8b2da314928befb213ffc678
2009-07-30 13:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-30 13:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-30 13:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-30 13:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-30 13:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-30 13:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-30 13:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-30 13:55 . 2009-07-30 13:55 -------- d-----w- c:\programme\MSXML 6.0
2009-07-29 05:45 . 2009-07-29 05:45 -------- d-----w- c:\windows\system32\Lang
2009-07-29 05:43 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-07-29 05:43 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2009-07-29 05:43 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-07-29 05:43 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2009-07-29 05:43 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-29 05:43 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2009-07-29 05:43 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2009-07-29 05:43 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2009-07-29 05:43 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2009-07-29 05:43 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2009-07-29 05:43 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2009-07-29 05:34 . 2009-07-31 17:50 18256 ----a-w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-29 05:34 . 2009-07-29 05:34 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2009-07-29 05:33 . 2009-07-31 07:59 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-07-29 05:30 . 2009-07-29 05:30 1991824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-29 05:30 . 2009-07-30 14:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS
2009-07-29 05:30 . 2009-07-30 14:39 -------- d-----w- c:\programme\NOS
2009-07-29 05:15 . 2009-07-29 05:15 -------- d-----w- c:\windows\ServicePackFiles
2009-07-29 05:15 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-07-29 05:14 . 2009-07-31 07:59 -------- d-----w- c:\windows\EHome

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-31 08:34 . 2001-08-23 12:00 80290 ----a-w- c:\windows\system32\perfc007.dat
2009-07-31 08:34 . 2001-08-23 12:00 448726 ----a-w- c:\windows\system32\perfh007.dat
2009-07-31 08:02 . 2009-07-31 07:51 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\vlc
2009-07-31 08:00 . 2009-07-28 08:49 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-07-31 07:50 . 2009-07-31 07:50 -------- d-----w- c:\programme\VideoLAN
2009-07-29 05:42 . 2009-07-29 05:42 -------- d--h--w- c:\programme\InstallShield Installation Information
2009-07-29 05:42 . 2009-07-29 05:42 -------- d-----w- c:\programme\Realtek
2009-07-29 05:42 . 2009-07-29 05:42 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield
2009-07-28 11:51 . 2009-07-28 08:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec
2009-07-28 11:47 . 2009-07-28 08:59 -------- d-----w- c:\programme\Symantec
2009-07-28 11:47 . 2009-07-28 08:59 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared
2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\AGEIA Technologies
2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\NVIDIA Corporation
2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2009-07-28 09:03 . 2009-07-28 08:53 -------- d-----w- c:\programme\Intel
2009-07-28 08:49 . 2009-07-28 08:49 -------- d-----w- c:\programme\microsoft frontpage
2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\ERVNNFND.DAT
2009-07-28 08:49 . 2009-07-28 08:49 558142 ----a-w- c:\windows\java\Packages\O4A77R5J.ZIP
2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\7FRNP7VD.DAT
2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\FVFT3VXF.DAT
2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\E3RT37JR.DAT
2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\7V1JZTB3.DAT
2009-07-28 08:49 . 2009-07-28 08:49 155995 ----a-w- c:\windows\java\Packages\C8ODZVLZ.ZIP
2009-07-28 08:49 . 2009-07-28 08:49 -------- d-----w- c:\programme\Online-Dienste
2009-07-28 08:48 . 2009-07-28 08:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Dienste
2009-07-28 08:47 . 2009-07-28 08:47 21740 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-20 17:08 . 2009-07-29 05:42 5795328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-07-20 09:12 . 2009-07-29 05:42 18670592 ----a-w- c:\windows\RTHDCPL.EXE
2009-07-14 18:54 . 2009-07-28 09:35 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-14 18:54 . 2009-07-28 09:34 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-07-14 18:54 . 2009-07-28 09:34 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-07-14 18:54 . 2009-07-28 09:34 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-07-14 18:54 . 2009-07-28 09:34 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-07-14 18:54 . 2009-07-28 09:34 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-07-14 18:54 . 2009-07-28 09:34 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-07-14 18:54 . 2009-07-28 09:34 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-07-14 18:54 . 2009-07-28 09:34 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-07-14 18:54 . 2009-07-28 09:34 5842816 ----a-w- c:\windows\system32\nv4_disp.dll
2009-07-14 18:54 . 2009-07-28 09:34 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-07-10 05:01 . 2009-07-28 09:34 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-07-08 14:34 . 2009-07-28 08:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-03 16:55 . 2002-08-29 01:43 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 07:30 . 2009-07-28 09:02 256712 ----a-w- c:\windows\system32\PROUnstl.exe
2009-06-26 16:49 . 2009-06-26 16:49 81920 ------w- c:\windows\system32\ieencode.dll
2009-06-24 08:43 . 2009-07-29 05:42 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-06-24 06:24 . 2009-06-24 06:24 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll
2009-06-24 06:15 . 2009-06-24 06:15 764536 ----a-w- c:\windows\system32\ncs2dmix.dll
2009-06-24 06:15 . 2009-06-24 06:15 539256 ----a-w- c:\windows\system32\accesor.dll
2009-06-24 05:55 . 2009-06-24 05:55 141944 ----a-w- c:\windows\system32\ncs2instutility.dll
2009-06-24 05:46 . 2009-06-24 05:46 1620600 ----a-w- c:\windows\system32\ncscolib.dll
2009-06-23 22:54 . 2009-06-23 22:54 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2009-06-22 15:39 . 2009-07-29 05:42 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2002-08-29 01:43 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-05-20 05:56 . 2009-05-20 05:56 116360 ----a-w- c:\windows\system32\drivers\ianswxp.sys
2009-05-07 15:32 . 2002-08-29 01:43 348160 ----a-w- c:\windows\system32\localspl.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1735200]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 109424]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 126976]
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-07-31 133416]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[COLOR=RED] SafeBoot Registrierungsschlüssel muss repariert werden. Dieser PC kann nicht im abgesicherten Modus starten. [/COLOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\nView\\nwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Programme\\HP\\Smart Web Printing\\hpswp_clipbook.exe"=
"c:\\Programme\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Dokumente und Einstellungen\\Damien\\Desktop\\protecus\\TFC.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\Product Assistant\\bin\\hprblog.exe"=

R3 abp470n5;abp470n5;\??\c:\windows\System32\drivers\esgvk.sys --> c:\windows\System32\drivers\esgvk.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-31 20:06
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
Zeit der Fertigstellung: 2009-07-31 20:07
ComboFix-quarantined-files.txt 2009-07-31 18:07

Vor Suchlauf: 8 Verzeichnis(se), 486.391.468.032 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 486.284.492.800 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

281

















Vielen Dank für die Hilfe bis hierhin, auch wenn cih noch nciht weiss, was die Log files nun aussagen...

ich freue mich auf weitere Arbeit^^

LG dimdida
Dieser Beitrag wurde am 31.07.2009 um 20:15 Uhr von dimdida editiert.
Seitenanfang Seitenende
31.07.2009, 22:58
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#4 Poste mal ein log von GMER
http://board.protecus.de/t23187.htm
__________
MfG Argus
Seitenanfang Seitenende
31.07.2009, 22:58
Member

Themenstarter

Beiträge: 12
#5 PS Das hatte ich bisher vergessen:
Ich vermute da sist auch eine Folge des Virus?

Es kommt wenn ich nen USB pder externe Platte anschliesse "Windows-Kein Datenträger" Fehlermeldung.



Um den Abend heute bis zur Viruslösung rum zu bekommen habe ich Warrock(PC Spiel findet man auch bei wikipedia)
installiert und als ich es starten wollte kam folgende Meldung:


http://www.xup.in/dl,21292822/warrock.JPG/




Kann es sein, dass ähnliches auch mit meinem vor 2 tagen installierten SEP gemacht wurde?

OMG Was soll der Mist bloss?
Seitenanfang Seitenende
31.07.2009, 23:20
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#6 datfindbat
Download datFindbat zum Desktop

Starte diese Batchdatei datfind.bat danach öffnet sich ein Notepad/Editor Fenster.
Kopiere den Inhalt bis auf 39 Tage im Thread

Manchmal befinden sich Dateien auf dem Rechner, die von Viren, Spyware oder Backdoors abgelegt wurden und welche ein Antivirenscanner nicht auf Anhieb findet.
Deshalb haben wir diese bat-Datei erstellt, um genau nachprüfen zu können, was sich in
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\DOCUME~1\user\LOCALS~1\Temp
Verzeichnis von C:\WINDOWS\temp
Verzeichnis von C:\WINDOWS\Downloaded Program Files
und den temporären Dateien befindet.
__________
MfG Argus
Seitenanfang Seitenende
01.08.2009, 01:11
Member

Themenstarter

Beiträge: 12
#7 GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-01 09:29:31
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \??\C:\DOKUME~1\Damien\LOKALE~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\System32\drivers\esgvk.sys Das System kann die angegebene Datei nicht finden. !
? C:\DOKUME~1\Damien\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\uninst.exe 0 bytes

---- EOF - GMER 1.0.15 ----
Dieser Beitrag wurde am 01.08.2009 um 09:31 Uhr von dimdida editiert.
Seitenanfang Seitenende
01.08.2009, 01:47
Ehrenmitglied
Avatar Argus

Beiträge: 6028
Seitenanfang Seitenende
01.08.2009, 09:45
Member

Themenstarter

Beiträge: 12
#9 Danke...

leider ging bei mir das Lden der Siete nicht, aber ein Kollege hats gedownloaded und neu geuppt...


Da dort sehr "wirre" Folgen von Daten sind und es wechselt ziwschen 2001 und 2009 udn allem dazwischen, weiss ich nicht genau, welche Teile du nun benötigst, deshalb als Anhang die TXT...




Noch eine Frage:
Ist das alles jetzt erst noch Vorbereitung um mir helfen zu können, oder sind das nur weitere Schritte, weil du schon eine Fährte hast?



Liebste Grüße

dimdida

Anhang: dirdat.txt
Seitenanfang Seitenende
01.08.2009, 10:01
Member

Themenstarter

Beiträge: 12
#10 Komischer Weise hat sich dieses anti vir nun installieren lassen (nach dem zweiten anlauf)

habe gleich die updates gezogen

programm wurde gsckossen

neu gestartet und schnel genug auf system scan gedrückt..



hat ettliche trojaner wie den im anhang gefunden, habe angewählt "alle folgende auf die selbe weise behandeln (in quarantäne schieben)"


hoffe das war gut so?




Der Scan hat nun schon über 500 mal was gefudnen udn wenn ich nichts übersehen habe, handelt es sich um

W32/Sality.AA
http://www.xup.in/dl,16770712/avira_scan-zwischenstand.JPG/

Falss du den nicht kennst, wirst du vermutlich auch googlen, ich habe das mal gemacht:
http://www.f-secure.com/v-descs/virus_w32_sality_aa.shtml
[ http://www.avira.com/de/threats/section/fulldetails/id_vir/4479/w32_sality.y.html
]
https://www.pc-magazin.de/internet/cm/virenecke/show_sophos.php?id=3163



Vielleicht erleichtert das ja eineiges an deiner Arbeit??
Ich vermute mal, es gibt zu allem was Avira nun macht/dann gamacht hat auch i wo einen log udn den willste haben ja?
Wo bekomme ich den?






nun ist der scan durch und cih soll eine aktion wählen für die 528 exe dateien in denen der virus drinnen ist:
Screenshot:
http://www.xup.in/dl,15971737/avira_scan-ende.JPG/

Es gitb repaieren udn abbrechen...

ich warte mal noch bis ich von dir höre.







Was sind nächste Schritte? oder musst du erst analysieren?

Danke dir dass du dir dei Zeit für mich nimmst

Dieser Beitrag wurde am 01.08.2009 um 10:37 Uhr von dimdida editiert.
Seitenanfang Seitenende
01.08.2009, 11:05
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#11 Es bleibt dir nicht anderes als Format C:\
Man kann es vergleichen mit Virut,da hilft auch nichts als Format
http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=74007

Achte darauf das man nicht ohne ein Realtime Virenscanner ins Netz geht
__________
MfG Argus
Seitenanfang Seitenende
01.08.2009, 11:25
Member

Themenstarter

Beiträge: 12
#12 Format C:\ ist das mit einem Neu aufsetzen des Betriebssystems verbunden?

Wie wäre eine genau Vorgehensweise nun?



Was meinst du mit Realtime Virenscanner?




Im google werden zur Beseitigung dieses Virus einiges Tools ausgegeben...

was hälst du von denen?

Nichts?


das hier fährt bsp weise im protecus board rum:

http://www.avg.com/de.52.ndi-67769





Ok Anhang geht nciht wegene angeblich Verbotenem Dateiende...




also eben heir den ganzen Text:




Avira AntiVir Personal
Report file date: Samstag, 1. August 2009 09:55

Scanning for 1584543 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BEILAMPE

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03.06.2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.05.2009 08:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 07:54:04
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.07.2009 07:54:09
ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31.07.2009 07:54:10
Engineversion : 8.2.0.238
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 10:52:04
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 01.08.2009 07:54:16
AESCN.DLL : 8.1.2.4 127348 Bytes 01.08.2009 07:54:15
AERDL.DLL : 8.1.2.4 430452 Bytes 01.08.2009 07:54:15
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 01.08.2009 07:54:14
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 01.08.2009 07:54:14
AEHELP.DLL : 8.1.5.3 233846 Bytes 01.08.2009 07:54:12
AEGEN.DLL : 8.1.1.53 356724 Bytes 01.08.2009 07:54:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 01.08.2009 07:54:11
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Samstag, 1. August 2009 09:55

Starting search for hidden objects.
'39114' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'qxxyx.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe'
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'lwmp.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'quwdr.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winxtlw.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winietgu.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'dlwty.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winxlcf.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winucxdq.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'royy.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'vjkqmq.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winkyeo.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winihhmy.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winaxgk.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'umpv.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winpakcw.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winyhths.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winxijta.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe'
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'nvtkpr.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'cgxcf.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'wineahriw.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'lqyiom.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winopuw.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winhruh.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Scan process 'winlboxv.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe'
Scan process 'w7be3d.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
Scan process 'ndigiq.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe'
C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe
[DETECTION] Is the TR/Spy.Gen Trojan
Scan process 'fyeu.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Programme\HP\HP Software Update\HPWuSchd2.exe'
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'qxxyx.exe' has been terminated
Process 'lwmp.exe' has been terminated
Process 'quwdr.exe' has been terminated
Process 'winxtlw.exe' has been terminated
Process 'winietgu.exe' has been terminated
Process 'dlwty.exe' has been terminated
Process 'winxlcf.exe' has been terminated
Process 'winucxdq.exe' has been terminated
Process 'royy.exe' has been terminated
Process 'vjkqmq.exe' has been terminated
Process 'winkyeo.exe' has been terminated
Process 'winihhmy.exe' has been terminated
Process 'winaxgk.exe' has been terminated
Process 'umpv.exe' has been terminated
Process 'winpakcw.exe' has been terminated
Process 'winyhths.exe' has been terminated
Process 'winxijta.exe' has been terminated
Process 'nvtkpr.exe' has been terminated
Process 'cgxcf.exe' has been terminated
Process 'wineahriw.exe' has been terminated
Process 'lqyiom.exe' has been terminated
Process 'winopuw.exe' has been terminated
Process 'winhruh.exe' has been terminated
Process 'winlboxv.exe' has been terminated
Process 'w7be3d.exe' has been terminated
Process 'ndigiq.exe' has been terminated
Process 'fyeu.exe' has been terminated
Process 'hpqste08.exe' has been terminated
Process 'hpwuSchd2.exe' has been terminated
C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aebf5a1.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae0f5a4.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aeaf5a5.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5a0.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5a3.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aeaf5a7.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5a8.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5aa.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aecf5b4.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4adef5b2.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5b4.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5b6.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5b9.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae3f5bf.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5ea.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5ec.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5ee.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae7f5fd.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aebf5f0.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f5f8.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4aecf61b.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f616.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f619.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae1f61c.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe
[DETECTION] Is the TR/Crypt.HO.11 Trojan
[NOTE] The file was moved to '4ad5f5ec.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE] The file was moved to '4adcf61a.qua'!
C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4ad8f631.qua'!
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4ae4f62b.qua'!
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4acaf60b.qua'!

89 processes with 60 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Dokumente und Einstellungen\Damien\Desktop\protecus\ComboFix.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Adobe\Reader 9.0\Reader\Eula.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Adobe\Reader 9.0\Reader\LogTransport2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A91000000001}\Setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Cossacks\HView.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Cossacks\SoundConfig.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Cossacks - Back To War\HView.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Cossacks - Back To War\ScenarioEditor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Gemeinsame Dateien\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Gemeinsame Dateien\HP\Digital Imaging\bin\hpqPhotoCrm.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ACECNFLT.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\hpqSSupply.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\DestTest.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hposid01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hposvc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqacdse.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqaol08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\HpqApKil.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqcsaha.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqdirec.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqdstcp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqEmlsz.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqirs08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqkiosk.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqpprop.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\HPQPrntW.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\HpqPSApl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqpse.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqptc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqqpawp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqtax08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqtbx01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\HpqTrMgr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqudc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqusgl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpqwrg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\hpsjrreg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\bin\ppcue.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\devicemanagement\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\devicemanagement\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\DocProc\DocProc.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\DocProc\dpe_ocr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\DocProc\hpDocCvt.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\DocProc\regipe.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\esupport\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\esupport\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\extcapuninstall\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_insert_memcard.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_letter.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_original.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_small.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_paperjam.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_printcart.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_print_4x6.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_memcard.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_scan.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\ocr\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\ocr\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\photosmartessential\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\photosmartessential\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbui.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\Product Assistant\scache\hprbhelp\hprbhelp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzcdl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzsetup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzstub.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzcdl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzdui01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpznop01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpnp01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpsl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcn01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzshl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzwrp01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\HP Software Update\HPWUCli.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\HP Software Update\SelfUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Smart Web Printing\hpswp_clipbook.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcv01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzstub.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Intel\NCS2\WMIProv\ncs2prov.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Messenger\msmsgsin.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Microsoft Office\Office12\DRAT.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Microsoft Office\Office12\GROOVE.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Microsoft Office\Office12\GrooveClean.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Microsoft Office\Office12\GrooveMigrator.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\copymar.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\dw.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\msn6.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\update.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\install\msnsusii.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\install\msn9components\digcore.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\install\msn9components\msncli.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\NVIDIA Corporation\nView\keystone.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\NVIDIA Corporation\nView\nvAppBar.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\NVIDIA Corporation\nView\nvDspSch.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\NVIDIA Corporation\nView\nwiz.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\KB888111xpsp2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\RtlUpd.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\WDM\Alcmtr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\WDM\RtkAudioService.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\WDM\RtlUpd.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\WDM\SkyTel.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Realtek\Audio\Drivers\WDM\SoundMan.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LSETUP.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LUALL.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LUCheck.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LuConfig.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\LUInit.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\NotifyHA.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Symantec\LiveUpdate\SymantecRootInstaller.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\VideoLAN\VLC\uninstall.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\WRLauncher.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\WRUpdater.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\Data\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\Data\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\System\WarRock.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Windows Media Player\dlimport.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006201.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006261.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006263.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0007789.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010361.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010364.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP21\A0010821.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010829.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010934.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010935.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010939.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010948.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010949.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010951.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010952.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010961.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010963.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010964.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010965.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010970.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010971.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010972.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010979.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010981.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010982.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010984.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010990.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010993.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010994.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010995.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011001.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011002.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011003.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011004.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011005.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011006.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011008.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011009.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011010.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011011.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011013.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011014.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011015.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011016.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011017.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011019.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011020.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011021.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011022.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011023.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011024.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011025.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011027.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011028.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011029.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011030.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011031.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011032.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011034.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011035.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011037.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011038.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011040.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011042.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011045.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011046.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011047.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011049.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011050.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011051.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011052.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011053.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011054.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011055.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011056.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011057.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011058.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011059.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011060.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011061.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011062.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011064.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011084.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011090.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011091.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011097.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011102.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011107.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011108.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011109.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011111.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011112.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011113.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011114.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011116.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011121.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011124.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011126.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011127.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011130.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011131.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011132.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011133.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011134.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011135.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011136.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011137.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011138.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011139.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011140.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011141.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011158.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011159.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011160.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011163.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011169.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011171.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011173.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011174.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011175.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011181.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011182.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011183.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011184.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011190.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011202.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011203.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011213.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011214.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011224.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011226.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011230.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011237.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011296.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011310.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011312.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011313.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011315.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011321.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011324.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011325.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011328.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011335.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011348.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011349.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011350.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011351.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011352.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011353.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011355.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011356.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011357.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011358.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011359.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011360.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011361.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011362.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011363.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011364.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011365.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011366.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011367.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011368.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011369.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011370.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011371.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011372.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011374.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011375.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011376.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011377.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011378.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011379.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011380.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011381.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011382.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011383.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011384.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011385.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011386.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011388.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011389.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011391.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011392.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011393.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011395.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011396.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011397.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011398.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011400.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011401.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011402.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011403.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011404.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011405.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011406.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011407.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011408.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011409.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011410.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011411.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011412.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011413.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011414.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011415.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011416.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011417.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011418.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011419.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011421.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011422.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011423.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011426.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011427.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011428.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011429.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011430.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011432.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011433.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011434.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011435.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011437.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011438.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011439.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011440.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011441.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011442.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011444.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011445.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011446.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011447.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011450.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011486.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011487.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011488.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011489.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011490.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011491.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011492.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011493.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011494.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011495.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011496.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011497.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011498.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011499.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011500.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011505.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011508.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011510.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011511.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011514.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011515.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011516.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011517.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011518.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011519.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011520.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011521.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011522.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011523.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011524.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011525.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011526.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011528.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011538.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011539.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002236.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002295.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002297.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002299.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002303.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002313.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002337.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002360.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002364.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002447.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002458.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002492.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002598.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002605.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005291.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005990.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006106.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006112.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006119.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006120.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006122.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006123.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006126.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006127.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006130.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006132.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006135.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006137.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006138.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006139.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006160.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006161.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006162.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006163.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006164.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006165.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006166.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006168.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006169.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006170.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006171.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\WINDOWS\ALCMTR.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\WINDOWS\SOUNDMAN.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\update\update.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus

Beginning disinfection:
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Dokumente und Einstellungen\Damien\Desktop\protecus\ComboFix.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Adobe\Reader 9.0\Reader\Eula.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Adobe\Reader 9.0\Reader\LogTransport2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A91000000001}\Setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Cossacks\HView.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Cossacks\SoundConfig.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Cossacks - Back To War\HView.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Cossacks - Back To War\ScenarioEditor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Gemeinsame Dateien\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Gemeinsame Dateien\HP\Digital Imaging\bin\hpqPhotoCrm.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ACECNFLT.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\hpqSSupply.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\DestTest.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hposid01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hposvc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqacdse.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqaol08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\HpqApKil.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqcsaha.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqdirec.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqdstcp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqEmlsz.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqirs08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqkiosk.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqpprop.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\HPQPrntW.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\HpqPSApl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqpse.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqptc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqqpawp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqtax08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqtbx01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\HpqTrMgr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqudc08.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqusgl.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpqwrg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\hpsjrreg.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\bin\ppcue.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\devicemanagement\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\devicemanagement\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\DocProc\DocProc.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\DocProc\dpe_ocr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\DocProc\hpDocCvt.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\DocProc\regipe.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\esupport\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\esupport\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\extcapuninstall\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_insert_memcard.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_letter.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_original.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_small.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_paperjam.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_printcart.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_print_4x6.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_memcard.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_scan.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\ocr\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\ocr\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\photosmartessential\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\photosmartessential\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbui.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\Product Assistant\scache\hprbhelp\hprbhelp.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzcdl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzsetup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzstub.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzcdl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzdui01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpznop01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpnp01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpsl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcn01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzshl01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzwrp01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\HP Software Update\HPWUCli.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\HP Software Update\SelfUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Smart Web Printing\hpswp_clipbook.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcv01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzstub.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Intel\NCS2\WMIProv\ncs2prov.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Messenger\msmsgsin.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Microsoft Office\Office12\DRAT.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Microsoft Office\Office12\GROOVE.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Microsoft Office\Office12\GrooveClean.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Microsoft Office\Office12\GrooveMigrator.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\copymar.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\dw.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\msn6.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\update.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\install\msnsusii.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\install\msn9components\digcore.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\install\msn9components\msncli.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\NVIDIA Corporation\nView\keystone.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\NVIDIA Corporation\nView\nvAppBar.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\NVIDIA Corporation\nView\nvDspSch.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\NVIDIA Corporation\nView\nwiz.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\KB888111xpsp2.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\RtlUpd.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\WDM\Alcmtr.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\WDM\RtkAudioService.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\WDM\RtlUpd.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\WDM\SkyTel.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Realtek\Audio\Drivers\WDM\SoundMan.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LSETUP.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LUALL.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LUCheck.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LuConfig.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\LUInit.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\NotifyHA.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Symantec\LiveUpdate\SymantecRootInstaller.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\VideoLAN\VLC\uninstall.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\WarRock\WRLauncher.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\WarRock\WRUpdater.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\WarRock\Data\HShield\HSUpdate.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\WarRock\Data\HShield\Update\autoup.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\WarRock\System\WarRock.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\Programme\Windows Media Player\dlimport.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006201.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006261.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006263.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0007789.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010361.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010364.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP21\A0010821.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010829.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010934.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010935.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010939.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010948.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010949.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010951.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010952.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010961.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010963.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010964.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010965.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010970.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010971.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010972.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010979.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010981.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010982.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010984.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010990.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010993.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010994.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010995.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011001.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011002.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011003.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011004.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011005.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011006.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011008.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011009.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011010.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011011.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011013.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011014.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011015.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011016.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011017.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011019.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011020.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011021.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011022.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011023.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011024.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011025.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011027.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011028.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011029.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011030.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011031.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011032.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011034.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011035.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011037.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011038.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011040.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011042.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011045.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011046.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011047.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011049.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011050.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011051.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011052.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011053.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011054.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011055.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011056.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011057.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011058.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011059.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011060.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011061.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011062.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011064.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011084.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011090.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011091.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011097.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011102.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011107.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011108.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011109.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011111.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011112.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011113.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011114.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011116.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011121.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011124.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011126.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011127.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011130.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011131.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011132.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011133.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011134.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011135.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011136.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011137.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011138.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011139.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011140.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011141.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011158.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011159.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011160.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011163.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011169.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011171.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011173.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011174.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011175.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011181.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011182.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011183.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011184.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011190.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011202.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011203.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011213.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011214.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011224.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011226.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011230.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011237.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011296.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011310.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011312.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011313.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011315.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011321.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011324.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011325.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011328.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011335.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011348.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011349.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011350.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011351.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011352.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011353.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011355.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011356.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011357.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011358.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011359.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011360.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011361.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011362.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011363.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011364.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011365.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011366.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011367.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011368.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011369.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011370.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011371.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011372.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011374.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011375.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011376.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011377.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011378.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011379.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011380.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011381.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011382.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011383.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011384.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011385.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011386.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011388.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011389.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011391.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011392.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011393.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011395.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011396.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011397.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011398.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011400.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011401.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011402.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011403.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011404.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011405.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011406.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011407.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011408.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011409.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011410.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011411.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011412.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011413.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011414.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011415.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011416.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011417.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011418.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011419.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011421.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011422.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011423.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011426.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011427.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011428.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011429.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011430.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011432.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011433.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011434.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011435.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011437.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011438.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011439.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011440.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011441.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011442.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011444.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011445.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011446.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011447.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011450.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011486.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011487.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011488.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011489.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011490.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011491.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011492.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011493.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011494.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011495.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011496.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011497.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011498.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011499.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011500.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011505.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011508.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011510.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011511.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011514.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011515.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011516.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011517.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011518.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011519.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011520.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011521.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011522.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011523.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011524.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011525.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011526.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011528.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011538.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011539.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002236.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002295.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002297.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002299.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002303.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002313.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002337.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002360.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002364.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002447.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002458.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002492.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002598.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002605.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005291.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005990.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006106.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006112.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006119.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006120.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006122.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006123.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006126.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006127.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006130.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006132.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006135.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006137.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006138.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006139.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006160.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006161.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006162.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006163.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006164.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006165.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006166.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006168.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006169.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006170.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006171.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\WINDOWS\ALCMTR.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\WINDOWS\SOUNDMAN.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!
C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\update\update.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] The file was not repaired as requested!


End of the scan: Samstag, 1. August 2009 11:38
Used time: 29:06 Minute(s)

The scan has been done completely.

4203 Scanned directories
187822 Files were scanned
528 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
29 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
187293 Files not concerned
1583 Archives were scanned
471 Warnings
30 Notes
39114 Objects were scanned with rootkit scan
0 Hidden objects were found
Dieser Beitrag wurde am 01.08.2009 um 11:41 Uhr von dimdida editiert.
Seitenanfang Seitenende
01.08.2009, 12:35
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#13 Dein ganzer Rechner ist verseucht wenn ein Trojaner entfernt wird kommt der naechste schon wieder runter

Zitat

As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state
Quelle: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t220586.html
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html

Brenne oder kopiere Antivir auf ein CD/USBstick
Nachdem alles neu aufgesetzt worden ist zuerst ein Virenscanner und Firewall installieren
Dan erst Windows updaten und Programme downloaden
Wenn man sich etwas runterlardt zuerst mit sein up-to-date Virenscanner scannen lassen

So wie du hier sehen kannst wurden heute Morgen schon wieder neue Trojaner runter geladen

Zitat

01.08.2009 09:18 16.384 lwmp.exe
01.08.2009 08:42 16.384 quwdr.exe
01.08.2009 08:06 16.384 winxtlw.exe
01.08.2009 07:30 16.384 winietgu.exe
01.08.2009 06:54 16.384 dlwty.exe
01.08.2009 06:18 16.384 winxlcf.exe
01.08.2009 05:43 16.384 winucxdq.exe
01.08.2009 05:07 16.384 royy.exe
01.08.2009 04:31 16.384 vjkqmq.exe
01.08.2009 03:55 16.384 winkyeo.exe
01.08.2009 03:19 16.384 winihhmy.exe
01.08.2009 02:43 16.384 winaxgk.exe
01.08.2009 02:07 16.384 umpv.exe
01.08.2009 01:31 16.384 winpakcw.exe
01.08.2009 00:55 16.384 winyhths.exe
01.08.2009 00:19 16.384 winxijta.exe
31.07.2009 23:43 16.384 nvtkpr.exe
31.07.2009 23:07 16.384 cgxcf.exe
31.07.2009 22:31 16.384 wineahriw.exe
31.07.2009 21:55 16.384 lqyiom.exe
31.07.2009 21:20 16.384 winopuw.exe
31.07.2009 21:18 2.202 v3init2.log
31.07.2009 20:44 16.384 winhruh.exe
31.07.2009 20:08 16.384 winlboxv.exe
31.07.2009 20:07 32.768 w7be3d.exe
31.07.2009 20:07 11.264 ndigiq.exe
31.07.2009 20:07 7.680 fyeu.exe

__________
MfG Argus
Seitenanfang Seitenende
01.08.2009, 12:40
Member

Themenstarter

Beiträge: 12
#14 Okay, danke dir...


Ich habe nun das oben genannte Removal Tool drüber laufen lassen, nun sind von 528 nur noch 19 Infektionen angezeigt...

das ist doch schonmal positiv...





Hier jetzt noch der aktuelle Antivir Report:








Avira AntiVir Personal
Report file date: Samstag, 1. August 2009 14:52

Scanning for 1584543 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BEILAMPE

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03.06.2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.05.2009 08:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 07:54:04
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.07.2009 07:54:09
ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31.07.2009 07:54:10
Engineversion : 8.2.0.238
AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 10:52:04
AESCRIPT.DLL : 8.1.2.22 450938 Bytes 01.08.2009 07:54:16
AESCN.DLL : 8.1.2.4 127348 Bytes 01.08.2009 07:54:15
AERDL.DLL : 8.1.2.4 430452 Bytes 01.08.2009 07:54:15
AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 01.08.2009 07:54:14
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 01.08.2009 07:54:14
AEHELP.DLL : 8.1.5.3 233846 Bytes 01.08.2009 07:54:12
AEGEN.DLL : 8.1.1.53 356724 Bytes 01.08.2009 07:54:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 01.08.2009 07:54:11
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Samstag, 1. August 2009 14:52

Starting search for hidden objects.
'41468' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'hprblog.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus

The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\ejfli.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\w31d7327.exe
[DETECTION] Is the TR/Crypt.HO.11 Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbfqrc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbjcxny.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\windhixv.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\wingjrah.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winkfewn.exe
[DETECTION] Is the TR/Spy.Gen Trojan
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winuduvn.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\Programme\WarRock\System\WarRock.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011691.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011692.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus

Beginning disinfection:
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4ae169e1.qua'!
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\ejfli.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ada6ac0.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\w31d7327.exe
[DETECTION] Is the TR/Crypt.HO.11 Trojan
[NOTE] The file was moved to '4aa56a8a.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbfqrc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4ae26ac0.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbjcxny.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '49586329.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\windhixv.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program
[NOTE] The file was moved to '49597b71.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\wingjrah.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4f8e7c91.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winkfewn.exe
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '4f8f74d9.qua'!
C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winuduvn.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4f8c4f21.qua'!
C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4ae56ac7.qua'!
C:\Programme\Messenger\msmsgs.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\Programme\WarRock\System\WarRock.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4ae66abe.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4aa46a8d.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4998507e.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '4aa46a8e.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011691.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '49992837.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011692.EXE
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '499a200f.qua'!
C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf
[DETECTION] Contains code of the W32/Sality.AA Windows virus
[NOTE] The file was moved to '499b38c7.qua'!


End of the scan: Samstag, 1. August 2009 18:16
Used time: 26:09 Minute(s)

The scan has been done completely.

4223 Scanned directories
189735 Files were scanned
19 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
17 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
189715 Files not concerned
1561 Archives were scanned
3 Warnings
20 Notes
41468 Objects were scanned with rootkit scan
0 Hidden objects were found














Habe noch ne Frage:
Ich lasse mir die treiber etc und die sp2 udn 3 für xp auf cd brennen eben so wie antivir.


dann, wenn der pc neu aufgesetzt ist, wie sollte die reihenfolge sein?

antivir
chipsatztriber
grafiktreiber
soundtreiber
lantreiber
dann sp2
dann sp3 ?????


und wo ne gute kostenlose Firewall hernehmen?

An welcher Stelle/Reihenfolge käme die dann???
Dieser Beitrag wurde am 01.08.2009 um 18:26 Uhr von dimdida editiert.
Seitenanfang Seitenende
01.08.2009, 18:26
Member

Beiträge: 202
#15 Um antivir efolgreisch installieren zu können ist sp 2 voraussetzung
also würde ich sp 2 und sp 3 zuerst installieren.

dann chipsatztreiber ( wenn diese dann noch benötigt werden sind zu grossem teil in sp 2&3 vorhanden )

antivir

Latreiber ( Müsste auch schon in den servicepacks vorhanden sein )

Firewall ( Comodo kann ich entpfehlen )
http://www.chip.de/downloads/Comodo-Internet-Security_28397713.html

Dann alles weitere da ist die reihenfolge nicht so entscheident
Seitenanfang Seitenende