Taskmanager und Registry gesperrt-Virus, wie entfernen?? |
||
---|---|---|
#0
| ||
31.07.2009, 11:49
Member
Beiträge: 12 |
||
|
||
31.07.2009, 16:06
Ehrenmitglied
Beiträge: 6028 |
#2
Temp File Cleaner
Download TFC.exe by OldTimer zum Desktop Schliesse alle fenster und doppelklick TFC.exe um das Programm zu starten Vista benutzer: rechtermausklick auf TFC.exe und waehle "Run as an Administrator" Lasse Temp File Cleaner seine Arbeit tun Am Ende wird dein Rechner neu starten,wenn nicht starte manuell neu Lade/entpacke HijackThis in einen extra Ordner, Benenne Hijackthis in HJT um, starte es und waehle ---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - es öffnet sich der Editor nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen" Zitat C:\DOKUME~1\Damien\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exeComboFix(by sUBs) Download ComboFix und speichert es auf den Desktop! Download link 1 ComboFix Download link 2 ComboFix Note:Wenn wehrend du Combofix runterlaedst oder anwendet ein Meldung deines Virenscanner kommt oder ein anderen Realtime scanner Schalte diese scanner dann aus und download ComboFix erneut Es gibt scanner die bestimmte komponente die durch CF benutzt werden als verdaechtig ansehen und versucht sie zu blokkieren oder zu entfernen Starte combofix.exe Folge den Instruktionen in das Fenster Wenn ComboFix schon vorher benutzt worden ist kann es sein das du eine Meldung bekommst das es ein Update gibt Erlaube diesen Update und klicke OK im "NirCmd“ fenster klicke nach ablauf auf "ja“um den Scan zu starten Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt) nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen" Befolge diese Anleitung __________ MfG Argus |
|
|
||
31.07.2009, 19:43
Member
Themenstarter Beiträge: 12 |
#3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:18, on 31.07.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249025893062 O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing) -- End of file - 4991 bytes ComboFix 09-07-29.04 - Damien 31.07.2009 20:04.1.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1693 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Damien\Desktop\protecus\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\1f75fa.msi c:\windows\system32\AutoRun.inf . ((((((((((((((((((((((( Dateien erstellt von 2009-06-28 bis 2009-07-31 )))))))))))))))))))))))))))))) . 2009-07-31 17:52 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll 2009-07-31 17:51 . 2009-07-31 17:51 -------- d-----w- c:\programme\Microsoft Works 2009-07-31 17:51 . 2009-07-31 17:51 -------- d-----w- c:\programme\Microsoft.NET 2009-07-31 17:49 . 2009-07-31 17:49 -------- d-----w- c:\programme\Microsoft Visual Studio 8 2009-07-31 17:48 . 2009-07-31 17:49 -------- d-----w- c:\windows\SHELLNEW 2009-07-31 17:48 . 2009-07-31 17:48 -------- d--h--r- C:\MSOCache 2009-07-31 10:50 . 2009-07-31 11:17 -------- d-----w- c:\programme\Cossacks - Back To War 2009-07-31 10:50 . 2002-08-09 20:17 4292608 ----a-r- c:\windows\una2setup.exe 2009-07-31 10:39 . 2009-07-31 10:47 -------- d-----w- c:\programme\Cossacks 2009-07-31 10:39 . 2009-07-31 10:39 53248 ----a-w- c:\windows\system32\unrar.dll 2009-07-31 10:38 . 2002-04-22 12:30 4284416 ----a-r- c:\windows\uncsetup.exe 2009-07-31 09:57 . 2009-07-31 09:57 -------- d-sh--w- c:\dokumente und einstellungen\Damien\IECompatCache 2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\Malwarebytes 2009-07-31 09:13 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2009-07-31 09:13 . 2009-07-31 09:13 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2009-07-31 09:13 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-31 08:31 . 2009-07-31 08:31 -------- d-sh--w- c:\dokumente und einstellungen\Damien\PrivacIE 2009-07-31 08:29 . 2009-07-31 08:29 -------- d-sh--w- c:\dokumente und einstellungen\Damien\IETldCache 2009-07-31 08:19 . 2009-07-19 16:41 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-07-31 08:19 . 2009-07-03 16:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-07-31 08:19 . 2009-07-03 16:55 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-07-31 08:19 . 2009-07-03 16:55 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-07-31 08:19 . 2009-07-03 16:55 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-07-31 08:19 . 2009-07-03 16:55 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-07-31 08:19 . 2009-07-31 08:19 -------- d-----w- c:\windows\ie8updates 2009-07-31 08:19 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-07-31 08:18 . 2009-07-31 08:19 -------- dc-h--w- c:\windows\ie8 2009-07-31 08:13 . 2009-07-31 08:13 -------- d-----w- c:\programme\MSXML 4.0 2009-07-31 08:08 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-07-31 08:06 . 2008-10-15 16:35 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2009-07-31 08:06 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll 2009-07-31 08:06 . 2008-04-21 21:13 217600 -c----w- c:\windows\system32\dllcache\wordpad.exe 2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\system32\de 2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\system32\bits 2009-07-31 07:58 . 2009-07-31 07:58 -------- d-----w- c:\windows\l2schemas 2009-07-31 07:52 . 2009-07-31 07:52 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\dvdcss 2009-07-31 07:50 . 2008-04-14 02:23 226816 -c----w- c:\windows\system32\dllcache\npdrmv2.dll 2009-07-31 07:41 . 2009-07-31 08:22 -------- d--h--w- c:\windows\$hf_mig$ 2009-07-30 16:11 . 2009-07-30 16:11 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Identities 2009-07-30 14:44 . 2009-07-30 14:44 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WEBREG 2009-07-30 14:42 . 2009-07-30 14:42 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HPSSUPPLY 2009-07-30 14:42 . 2009-07-30 14:42 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\HPAppData 2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP 2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\HP Product Assistant 2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\programme\Gemeinsame Dateien\HP 2009-07-30 14:41 . 2009-07-30 14:41 -------- d-----w- c:\programme\Hewlett-Packard 2009-07-30 14:40 . 2009-07-30 14:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Hewlett-Packard 2009-07-30 14:40 . 2007-03-08 04:20 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys 2009-07-30 14:40 . 2007-03-08 04:20 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys 2009-07-30 14:40 . 2007-03-08 04:20 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys 2009-07-30 14:40 . 2009-07-30 14:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Hewlett-Packard 2009-07-30 14:40 . 2007-03-30 15:29 267864 ----a-r- c:\windows\system32\hpzids01.dll 2009-07-30 14:40 . 2007-03-28 12:01 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll 2009-07-30 14:39 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-07-30 14:39 . 2007-03-17 06:39 675840 ----a-r- c:\windows\system32\hpowiax4.dll 2009-07-30 14:39 . 2007-03-17 06:39 303104 ----a-r- c:\windows\system32\hpovst11.dll 2009-07-30 14:39 . 2007-03-17 06:39 958464 ----a-r- c:\windows\system32\hpotiop4.dll 2009-07-30 14:39 . 2007-03-08 04:20 364544 ----a-r- c:\windows\system32\hppldcoi.dll 2009-07-30 14:39 . 2007-03-08 04:20 309760 ----a-r- c:\windows\system32\difxapi.dll 2009-07-30 14:39 . 2009-07-30 14:42 -------- d-----w- c:\programme\HP 2009-07-30 14:38 . 2009-07-30 14:44 158748 ----a-w- c:\windows\hpoins15.dat 2009-07-30 14:38 . 2007-06-05 23:04 1039 ------w- c:\windows\hpomdl15.dat 2009-07-30 14:36 . 2009-07-30 14:38 -------- d-----w- C:\DLRG 2009-07-30 14:35 . 2009-07-30 14:35 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Microsoft Help 2009-07-30 14:35 . 2009-07-31 17:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-07-30 14:35 . 2009-07-30 14:35 -------- d-----w- c:\programme\MSECache 2009-07-30 14:32 . 2009-07-30 14:32 -------- d-----w- c:\programme\Gemeinsame Dateien\Adobe 2009-07-30 14:24 . 2009-07-30 14:35 -------- d-----w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\Adobe 2009-07-30 14:05 . 2009-07-30 14:05 -------- d-sh--w- c:\dokumente und einstellungen\Damien\UserData 2009-07-30 14:03 . 2009-07-30 14:03 -------- d-----w- c:\programme\CDBurnerXP 2009-07-30 13:58 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll 2009-07-30 13:58 . 2009-07-31 08:29 -------- d-----w- c:\windows\system32\de-DE 2009-07-30 13:57 . 2009-07-30 13:58 -------- d-----w- c:\windows\system32\XPSViewer 2009-07-30 13:57 . 2009-07-30 13:57 -------- d-----w- c:\programme\MSBuild 2009-07-30 13:57 . 2009-07-30 13:57 -------- d-----w- c:\programme\Reference Assemblies 2009-07-30 13:56 . 2009-07-30 13:57 -------- d-----w- C:\8b2da314928befb213ffc678 2009-07-30 13:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-07-30 13:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-07-30 13:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-07-30 13:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-07-30 13:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-07-30 13:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-07-30 13:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-07-30 13:55 . 2009-07-30 13:55 -------- d-----w- c:\programme\MSXML 6.0 2009-07-29 05:45 . 2009-07-29 05:45 -------- d-----w- c:\windows\system32\Lang 2009-07-29 05:43 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys 2009-07-29 05:43 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys 2009-07-29 05:43 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys 2009-07-29 05:43 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys 2009-07-29 05:43 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys 2009-07-29 05:43 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys 2009-07-29 05:43 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys 2009-07-29 05:43 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys 2009-07-29 05:43 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys 2009-07-29 05:43 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys 2009-07-29 05:43 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys 2009-07-29 05:34 . 2009-07-31 17:50 18256 ----a-w- c:\dokumente und einstellungen\Damien\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-07-29 05:34 . 2009-07-29 05:34 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü 2009-07-29 05:33 . 2009-07-31 07:59 -------- d-----w- c:\windows\system32\wbem\AutoRecover 2009-07-29 05:30 . 2009-07-29 05:30 1991824 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe 2009-07-29 05:30 . 2009-07-30 14:40 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NOS 2009-07-29 05:30 . 2009-07-30 14:39 -------- d-----w- c:\programme\NOS 2009-07-29 05:15 . 2009-07-29 05:15 -------- d-----w- c:\windows\ServicePackFiles 2009-07-29 05:15 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-07-29 05:14 . 2009-07-31 07:59 -------- d-----w- c:\windows\EHome . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-31 08:34 . 2001-08-23 12:00 80290 ----a-w- c:\windows\system32\perfc007.dat 2009-07-31 08:34 . 2001-08-23 12:00 448726 ----a-w- c:\windows\system32\perfh007.dat 2009-07-31 08:02 . 2009-07-31 07:51 -------- d-----w- c:\dokumente und einstellungen\Damien\Anwendungsdaten\vlc 2009-07-31 08:00 . 2009-07-28 08:49 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat 2009-07-31 07:50 . 2009-07-31 07:50 -------- d-----w- c:\programme\VideoLAN 2009-07-29 05:42 . 2009-07-29 05:42 -------- d--h--w- c:\programme\InstallShield Installation Information 2009-07-29 05:42 . 2009-07-29 05:42 -------- d-----w- c:\programme\Realtek 2009-07-29 05:42 . 2009-07-29 05:42 -------- d-----w- c:\programme\Gemeinsame Dateien\InstallShield 2009-07-28 11:51 . 2009-07-28 08:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Symantec 2009-07-28 11:47 . 2009-07-28 08:59 -------- d-----w- c:\programme\Symantec 2009-07-28 11:47 . 2009-07-28 08:59 -------- d-----w- c:\programme\Gemeinsame Dateien\Symantec Shared 2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\AGEIA Technologies 2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\programme\NVIDIA Corporation 2009-07-28 09:35 . 2009-07-28 09:35 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation 2009-07-28 09:03 . 2009-07-28 08:53 -------- d-----w- c:\programme\Intel 2009-07-28 08:49 . 2009-07-28 08:49 -------- d-----w- c:\programme\microsoft frontpage 2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\ERVNNFND.DAT 2009-07-28 08:49 . 2009-07-28 08:49 558142 ----a-w- c:\windows\java\Packages\O4A77R5J.ZIP 2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\7FRNP7VD.DAT 2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\FVFT3VXF.DAT 2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\E3RT37JR.DAT 2009-07-28 08:49 . 2009-07-28 08:49 2678 ----a-w- c:\windows\java\Packages\Data\7V1JZTB3.DAT 2009-07-28 08:49 . 2009-07-28 08:49 155995 ----a-w- c:\windows\java\Packages\C8ODZVLZ.ZIP 2009-07-28 08:49 . 2009-07-28 08:49 -------- d-----w- c:\programme\Online-Dienste 2009-07-28 08:48 . 2009-07-28 08:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Dienste 2009-07-28 08:47 . 2009-07-28 08:47 21740 ----a-w- c:\windows\system32\emptyregdb.dat 2009-07-20 17:08 . 2009-07-29 05:42 5795328 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys 2009-07-20 09:12 . 2009-07-29 05:42 18670592 ----a-w- c:\windows\RTHDCPL.EXE 2009-07-14 18:54 . 2009-07-28 09:35 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-07-14 18:54 . 2009-07-28 09:34 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-07-14 18:54 . 2009-07-28 09:34 7741664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-07-14 18:54 . 2009-07-28 09:34 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-07-14 18:54 . 2009-07-28 09:34 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-07-14 18:54 . 2009-07-28 09:34 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-07-14 18:54 . 2009-07-28 09:34 151552 ----a-w- c:\windows\system32\nvcodins.dll 2009-07-14 18:54 . 2009-07-28 09:34 151552 ----a-w- c:\windows\system32\nvcod.dll 2009-07-14 18:54 . 2009-07-28 09:34 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-07-14 18:54 . 2009-07-28 09:34 5842816 ----a-w- c:\windows\system32\nv4_disp.dll 2009-07-14 18:54 . 2009-07-28 09:34 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-07-10 05:01 . 2009-07-28 09:34 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-07-08 14:34 . 2009-07-28 08:53 53248 ----a-w- c:\windows\system32\CSVer.dll 2009-07-03 16:55 . 2002-08-29 01:43 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 07:30 . 2009-07-28 09:02 256712 ----a-w- c:\windows\system32\PROUnstl.exe 2009-06-26 16:49 . 2009-06-26 16:49 81920 ------w- c:\windows\system32\ieencode.dll 2009-06-24 08:43 . 2009-07-29 05:42 831488 ----a-w- c:\windows\RtlExUpd.dll 2009-06-24 06:24 . 2009-06-24 06:24 184320 ----a-w- c:\windows\system32\Ncs2Setp.dll 2009-06-24 06:15 . 2009-06-24 06:15 764536 ----a-w- c:\windows\system32\ncs2dmix.dll 2009-06-24 06:15 . 2009-06-24 06:15 539256 ----a-w- c:\windows\system32\accesor.dll 2009-06-24 05:55 . 2009-06-24 05:55 141944 ----a-w- c:\windows\system32\ncs2instutility.dll 2009-06-24 05:46 . 2009-06-24 05:46 1620600 ----a-w- c:\windows\system32\ncscolib.dll 2009-06-23 22:54 . 2009-06-23 22:54 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys 2009-06-22 15:39 . 2009-07-29 05:42 1482752 ----a-w- c:\windows\RtlUpd.exe 2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-03 19:09 . 2002-08-29 01:43 1296896 ----a-w- c:\windows\system32\quartz.dll 2009-05-20 05:56 . 2009-05-20 05:56 116360 ----a-w- c:\windows\system32\drivers\ianswxp.sys 2009-05-07 15:32 . 2002-08-29 01:43 348160 ----a-w- c:\windows\system32\localspl.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2009-07-08 1735200] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 109424] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 126976] "GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-07-31 133416] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-07-20 18670592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [COLOR=RED] SafeBoot Registrierungsschlüssel muss repariert werden. Dieser PC kann nicht im abgesicherten Modus starten. [/COLOR] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "UacDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\NVIDIA Corporation\\nView\\nwiz.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\RTHDCPL.EXE"= "c:\\Programme\\HP\\Smart Web Printing\\hpswp_clipbook.exe"= "c:\\Programme\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"= "c:\\Programme\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Dokumente und Einstellungen\\Damien\\Desktop\\protecus\\TFC.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Programme\\HP\\Digital Imaging\\bin\\hpqSTE08.exe"= "c:\\Programme\\HP\\Digital Imaging\\Product Assistant\\bin\\hprblog.exe"= R3 abp470n5;abp470n5;\??\c:\windows\System32\drivers\esgvk.sys --> c:\windows\System32\drivers\esgvk.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Zusätzlicher Suchlauf ------- . IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-31 20:06 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant] "ImagePath"="a" . Zeit der Fertigstellung: 2009-07-31 20:07 ComboFix-quarantined-files.txt 2009-07-31 18:07 Vor Suchlauf: 8 Verzeichnis(se), 486.391.468.032 Bytes frei Nach Suchlauf: 8 Verzeichnis(se), 486.284.492.800 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 281 Vielen Dank für die Hilfe bis hierhin, auch wenn cih noch nciht weiss, was die Log files nun aussagen... ich freue mich auf weitere Arbeit^^ LG dimdida Dieser Beitrag wurde am 31.07.2009 um 20:15 Uhr von dimdida editiert.
|
|
|
||
31.07.2009, 22:58
Ehrenmitglied
Beiträge: 6028 |
||
|
||
31.07.2009, 22:58
Member
Themenstarter Beiträge: 12 |
#5
PS Das hatte ich bisher vergessen:
Ich vermute da sist auch eine Folge des Virus? Es kommt wenn ich nen USB pder externe Platte anschliesse "Windows-Kein Datenträger" Fehlermeldung. Um den Abend heute bis zur Viruslösung rum zu bekommen habe ich Warrock(PC Spiel findet man auch bei wikipedia) installiert und als ich es starten wollte kam folgende Meldung: http://www.xup.in/dl,21292822/warrock.JPG/ Kann es sein, dass ähnliches auch mit meinem vor 2 tagen installierten SEP gemacht wurde? OMG Was soll der Mist bloss? |
|
|
||
31.07.2009, 23:20
Ehrenmitglied
Beiträge: 6028 |
#6
datfindbat
Download datFindbat zum Desktop Starte diese Batchdatei datfind.bat danach öffnet sich ein Notepad/Editor Fenster. Kopiere den Inhalt bis auf 39 Tage im Thread Manchmal befinden sich Dateien auf dem Rechner, die von Viren, Spyware oder Backdoors abgelegt wurden und welche ein Antivirenscanner nicht auf Anhieb findet. Deshalb haben wir diese bat-Datei erstellt, um genau nachprüfen zu können, was sich in Verzeichnis von C:\WINDOWS\system32 Verzeichnis von C:\WINDOWS Verzeichnis von C:\DOCUME~1\user\LOCALS~1\Temp Verzeichnis von C:\WINDOWS\temp Verzeichnis von C:\WINDOWS\Downloaded Program Files und den temporären Dateien befindet. __________ MfG Argus |
|
|
||
01.08.2009, 01:11
Member
Themenstarter Beiträge: 12 |
#7
GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-01 09:29:31 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code \??\C:\DOKUME~1\Damien\LOKALE~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\System32\drivers\esgvk.sys Das System kann die angegebene Datei nicht finden. ! ? C:\DOKUME~1\Damien\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[2460] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 411951FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125CB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126D3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D43F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41363C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41363B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 41363BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 41363A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 41363A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 41363C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 41363AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 4126D408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] ole32.dll!OleLoadFromStream 774F9C85 5 Bytes JMP 41363F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[1116] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[4744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\Programme\Internet Explorer\IEXPLORE.EXE[5664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\uninst.exe 0 bytes ---- EOF - GMER 1.0.15 ---- Dieser Beitrag wurde am 01.08.2009 um 09:31 Uhr von dimdida editiert.
|
|
|
||
01.08.2009, 01:47
Ehrenmitglied
Beiträge: 6028 |
#8
datfindbat http://virus-protect.org/datfindbat.html
Symantec Endpoint Protection ist ein scanner fuer Firmen Installiere AntiVir http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914 __________ MfG Argus |
|
|
||
01.08.2009, 09:45
Member
Themenstarter Beiträge: 12 |
#9
Danke...
leider ging bei mir das Lden der Siete nicht, aber ein Kollege hats gedownloaded und neu geuppt... Da dort sehr "wirre" Folgen von Daten sind und es wechselt ziwschen 2001 und 2009 udn allem dazwischen, weiss ich nicht genau, welche Teile du nun benötigst, deshalb als Anhang die TXT... Noch eine Frage: Ist das alles jetzt erst noch Vorbereitung um mir helfen zu können, oder sind das nur weitere Schritte, weil du schon eine Fährte hast? Liebste Grüße dimdida Anhang: dirdat.txt
|
|
|
||
01.08.2009, 10:01
Member
Themenstarter Beiträge: 12 |
#10
Komischer Weise hat sich dieses anti vir nun installieren lassen (nach dem zweiten anlauf)
habe gleich die updates gezogen programm wurde gsckossen neu gestartet und schnel genug auf system scan gedrückt.. hat ettliche trojaner wie den im anhang gefunden, habe angewählt "alle folgende auf die selbe weise behandeln (in quarantäne schieben)" hoffe das war gut so? Der Scan hat nun schon über 500 mal was gefudnen udn wenn ich nichts übersehen habe, handelt es sich um W32/Sality.AA http://www.xup.in/dl,16770712/avira_scan-zwischenstand.JPG/ Falss du den nicht kennst, wirst du vermutlich auch googlen, ich habe das mal gemacht: http://www.f-secure.com/v-descs/virus_w32_sality_aa.shtml [ http://www.avira.com/de/threats/section/fulldetails/id_vir/4479/w32_sality.y.html ] https://www.pc-magazin.de/internet/cm/virenecke/show_sophos.php?id=3163 Vielleicht erleichtert das ja eineiges an deiner Arbeit?? Ich vermute mal, es gibt zu allem was Avira nun macht/dann gamacht hat auch i wo einen log udn den willste haben ja? Wo bekomme ich den? nun ist der scan durch und cih soll eine aktion wählen für die 528 exe dateien in denen der virus drinnen ist: Screenshot: http://www.xup.in/dl,15971737/avira_scan-ende.JPG/ Es gitb repaieren udn abbrechen... ich warte mal noch bis ich von dir höre. Was sind nächste Schritte? oder musst du erst analysieren? Danke dir dass du dir dei Zeit für mich nimmst Anhang: avira-ein trojaner.JPG Dieser Beitrag wurde am 01.08.2009 um 10:37 Uhr von dimdida editiert.
|
|
|
||
01.08.2009, 11:05
Ehrenmitglied
Beiträge: 6028 |
#11
Es bleibt dir nicht anderes als Format C:\
Man kann es vergleichen mit Virut,da hilft auch nichts als Format http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=74007 Achte darauf das man nicht ohne ein Realtime Virenscanner ins Netz geht __________ MfG Argus |
|
|
||
01.08.2009, 11:25
Member
Themenstarter Beiträge: 12 |
#12
Format C:\ ist das mit einem Neu aufsetzen des Betriebssystems verbunden?
Wie wäre eine genau Vorgehensweise nun? Was meinst du mit Realtime Virenscanner? Im google werden zur Beseitigung dieses Virus einiges Tools ausgegeben... was hälst du von denen? Nichts? das hier fährt bsp weise im protecus board rum: http://www.avg.com/de.52.ndi-67769 Ok Anhang geht nciht wegene angeblich Verbotenem Dateiende... also eben heir den ganzen Text: Avira AntiVir Personal Report file date: Samstag, 1. August 2009 09:55 Scanning for 1584543 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : BEILAMPE Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 03.06.2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.05.2009 08:14:47 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 07:54:04 ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.07.2009 07:54:09 ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31.07.2009 07:54:10 Engineversion : 8.2.0.238 AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 10:52:04 AESCRIPT.DLL : 8.1.2.22 450938 Bytes 01.08.2009 07:54:16 AESCN.DLL : 8.1.2.4 127348 Bytes 01.08.2009 07:54:15 AERDL.DLL : 8.1.2.4 430452 Bytes 01.08.2009 07:54:15 AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 15:07:20 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 01.08.2009 07:54:14 AEHEUR.DLL : 8.1.0.147 1884536 Bytes 01.08.2009 07:54:14 AEHELP.DLL : 8.1.5.3 233846 Bytes 01.08.2009 07:54:12 AEGEN.DLL : 8.1.1.53 356724 Bytes 01.08.2009 07:54:11 AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40 AECORE.DLL : 8.1.7.6 184694 Bytes 01.08.2009 07:54:11 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 09:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: Samstag, 1. August 2009 09:55 Starting search for hidden objects. '39114' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'qxxyx.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe' Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'lwmp.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'quwdr.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winxtlw.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winietgu.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'dlwty.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winxlcf.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winucxdq.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'royy.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'vjkqmq.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winkyeo.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winihhmy.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winaxgk.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'umpv.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winpakcw.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winyhths.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winxijta.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe' Scan process 'skypePM.exe' - '1' Module(s) have been scanned Scan process 'Skype.exe' - '1' Module(s) have been scanned C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'nvtkpr.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'cgxcf.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'wineahriw.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'lqyiom.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winopuw.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winhruh.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe [DETECTION] Is the TR/Downloader.Gen Trojan Scan process 'winlboxv.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe' Scan process 'w7be3d.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program Scan process 'ndigiq.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe' C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe [DETECTION] Is the TR/Spy.Gen Trojan Scan process 'fyeu.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe' Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe' Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Module is infected -> 'C:\Programme\HP\HP Software Update\HPWuSchd2.exe' Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Process 'qxxyx.exe' has been terminated Process 'lwmp.exe' has been terminated Process 'quwdr.exe' has been terminated Process 'winxtlw.exe' has been terminated Process 'winietgu.exe' has been terminated Process 'dlwty.exe' has been terminated Process 'winxlcf.exe' has been terminated Process 'winucxdq.exe' has been terminated Process 'royy.exe' has been terminated Process 'vjkqmq.exe' has been terminated Process 'winkyeo.exe' has been terminated Process 'winihhmy.exe' has been terminated Process 'winaxgk.exe' has been terminated Process 'umpv.exe' has been terminated Process 'winpakcw.exe' has been terminated Process 'winyhths.exe' has been terminated Process 'winxijta.exe' has been terminated Process 'nvtkpr.exe' has been terminated Process 'cgxcf.exe' has been terminated Process 'wineahriw.exe' has been terminated Process 'lqyiom.exe' has been terminated Process 'winopuw.exe' has been terminated Process 'winhruh.exe' has been terminated Process 'winlboxv.exe' has been terminated Process 'w7be3d.exe' has been terminated Process 'ndigiq.exe' has been terminated Process 'fyeu.exe' has been terminated Process 'hpqste08.exe' has been terminated Process 'hpwuSchd2.exe' has been terminated C:\DOKUME~1\Damien\LOKALE~1\Temp\qxxyx.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aebf5a1.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\lwmp.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae0f5a4.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\quwdr.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aeaf5a5.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winxtlw.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5a0.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winietgu.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5a3.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\dlwty.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aeaf5a7.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winxlcf.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5a8.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winucxdq.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5aa.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\royy.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aecf5b4.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\vjkqmq.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4adef5b2.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winkyeo.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5b4.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winihhmy.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5b6.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winaxgk.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5b9.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\umpv.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae3f5bf.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winpakcw.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5ea.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winyhths.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5ec.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winxijta.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5ee.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\nvtkpr.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae7f5fd.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\cgxcf.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aebf5f0.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\wineahriw.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f5f8.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\lqyiom.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4aecf61b.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winopuw.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f616.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winhruh.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f619.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\winlboxv.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae1f61c.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\w7be3d.exe [DETECTION] Is the TR/Crypt.HO.11 Trojan [NOTE] The file was moved to '4ad5f5ec.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\ndigiq.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program [NOTE] The file was moved to '4adcf61a.qua'! C:\DOKUME~1\Damien\LOKALE~1\Temp\fyeu.exe [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was moved to '4ad8f631.qua'! C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4ae4f62b.qua'! C:\Programme\HP\HP Software Update\HPWuSchd2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4acaf60b.qua'! 89 processes with 60 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Master boot sector HD5 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus The registry was scanned ( '56' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Dokumente und Einstellungen\Damien\Desktop\protecus\ComboFix.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Adobe\Reader 9.0\Reader\Eula.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Adobe\Reader 9.0\Reader\LogTransport2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A91000000001}\Setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Cossacks\HView.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Cossacks\SoundConfig.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Cossacks - Back To War\HView.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Cossacks - Back To War\ScenarioEditor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Gemeinsame Dateien\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Gemeinsame Dateien\HP\Digital Imaging\bin\hpqPhotoCrm.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ACECNFLT.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\hpqSSupply.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\DestTest.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hposid01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hposvc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqacdse.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqaol08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\HpqApKil.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqcsaha.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqdirec.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqdstcp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqEmlsz.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqirs08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqkiosk.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqpprop.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\HPQPrntW.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\HpqPSApl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqpse.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqptc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqqpawp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqtax08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqtbx01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\HpqTrMgr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqudc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqusgl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpqwrg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\hpsjrreg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\bin\ppcue.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\devicemanagement\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\devicemanagement\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\DocProc\DocProc.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\DocProc\dpe_ocr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\DocProc\hpDocCvt.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\DocProc\regipe.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\esupport\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\esupport\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\extcapuninstall\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_insert_memcard.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_letter.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_original.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_small.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_paperjam.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_printcart.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_print_4x6.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_memcard.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_scan.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\ocr\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\ocr\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\photosmartessential\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\photosmartessential\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbui.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\Product Assistant\scache\hprbhelp\hprbhelp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzcdl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzsetup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzstub.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzcdl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzdui01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpznop01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpnp01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpsl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcn01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzshl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzwrp01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\HP Software Update\HPWUCli.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\HP Software Update\SelfUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Smart Web Printing\hpswp_clipbook.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcv01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzstub.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Intel\NCS2\WMIProv\ncs2prov.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Messenger\msmsgsin.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Microsoft Office\Office12\DRAT.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Microsoft Office\Office12\GROOVE.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Microsoft Office\Office12\GrooveClean.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Microsoft Office\Office12\GrooveMigrator.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\copymar.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\dw.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\msn6.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\update.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\install\msnsusii.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\install\msn9components\digcore.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\install\msn9components\msncli.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\NVIDIA Corporation\nView\keystone.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\NVIDIA Corporation\nView\nvAppBar.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\NVIDIA Corporation\nView\nvDspSch.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\NVIDIA Corporation\nView\nwiz.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\KB888111xpsp2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\RtlUpd.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\WDM\Alcmtr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\WDM\RtkAudioService.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\WDM\RtlUpd.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\WDM\SkyTel.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Realtek\Audio\Drivers\WDM\SoundMan.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LSETUP.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LUALL.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LUCheck.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LuConfig.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\LUInit.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\NotifyHA.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Symantec\LiveUpdate\SymantecRootInstaller.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\VideoLAN\VLC\uninstall.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\WRLauncher.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\WRUpdater.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\Data\HShield\HSUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\Data\HShield\Update\autoup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\System\WarRock.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Windows Media Player\dlimport.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006201.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006261.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006263.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0007789.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010361.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010364.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP21\A0010821.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010829.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010934.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010935.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010939.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010948.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010949.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010951.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010952.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010961.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010963.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010964.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010965.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010970.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010971.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010972.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010979.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010981.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010982.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010984.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010990.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010993.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010994.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010995.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011001.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011002.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011003.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011004.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011005.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011006.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011008.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011009.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011010.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011011.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011013.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011014.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011015.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011016.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011017.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011019.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011020.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011021.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011022.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011023.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011024.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011025.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011027.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011028.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011029.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011030.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011031.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011032.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011034.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011035.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011037.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011038.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011040.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011042.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011045.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011046.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011047.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011049.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011050.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011051.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011052.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011053.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011054.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011055.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011056.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011057.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011058.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011059.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011060.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011061.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011062.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011064.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011084.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011090.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011091.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011097.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011102.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011107.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011108.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011109.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011111.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011112.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011113.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011114.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011116.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011121.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011124.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011126.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011127.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011130.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011131.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011132.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011133.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011134.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011135.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011136.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011137.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011138.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011139.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011140.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011141.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011158.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011159.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011160.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011163.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011169.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011171.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011173.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011174.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011175.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011181.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011182.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011183.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011184.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011190.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011202.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011203.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011213.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011214.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011224.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011226.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011230.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011237.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011296.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011310.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011312.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011313.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011315.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011321.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011324.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011325.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011328.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011335.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011348.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011349.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011350.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011351.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011352.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011353.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011355.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011356.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011357.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011358.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011359.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011360.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011361.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011362.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011363.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011364.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011365.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011366.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011367.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011368.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011369.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011370.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011371.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011372.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011374.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011375.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011376.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011377.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011378.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011379.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011380.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011381.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011382.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011383.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011384.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011385.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011386.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011388.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011389.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011391.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011392.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011393.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011395.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011396.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011397.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011398.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011400.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011401.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011402.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011403.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011404.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011405.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011406.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011407.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011408.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011409.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011410.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011411.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011412.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011413.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011414.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011415.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011416.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011417.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011418.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011419.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011421.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011422.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011423.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011426.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011427.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011428.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011429.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011430.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011432.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011433.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011434.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011435.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011437.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011438.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011439.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011440.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011441.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011442.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011444.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011445.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011446.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011447.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011450.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011486.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011487.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011488.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011489.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011490.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011491.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011492.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011493.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011494.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011495.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011496.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011497.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011498.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011499.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011500.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011505.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011508.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011510.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011511.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011514.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011515.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011516.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011517.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011518.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011519.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011520.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011521.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011522.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011523.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011524.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011525.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011526.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011528.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011538.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011539.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002236.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002295.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002297.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002299.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002303.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002313.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002337.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002360.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002364.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002447.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002458.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002492.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002598.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002605.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005291.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005990.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006106.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006112.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006119.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006120.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006122.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006123.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006126.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006127.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006130.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006132.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006135.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006137.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006138.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006139.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006160.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006161.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006162.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006163.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006164.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006165.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006166.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006168.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006169.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006170.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006171.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\WINDOWS\ALCMTR.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\WINDOWS\SOUNDMAN.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\update\update.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus Beginning disinfection: C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS\Adobe_Downloads\install_flash_player_ax.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Dokumente und Einstellungen\All Users\Desktop\Installationsprogramm für Adobe Reader 9\Setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Dokumente und Einstellungen\Damien\Desktop\protecus\ComboFix.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Dokumente und Einstellungen\Damien\Desktop\protecus\HJT\HJT.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Adobe\Reader 9.0\Reader\Eula.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Adobe\Reader 9.0\Reader\LogTransport2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Adobe\Reader 9.0\Reader\reader_sl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1031-7B44-A91000000001}\Setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Cossacks\HView.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Cossacks\SoundConfig.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Cossacks - Back To War\HView.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Cossacks - Back To War\ScenarioEditor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Gemeinsame Dateien\Hewlett-Packard\Scanjet\bin\hpsjrreg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Gemeinsame Dateien\HP\Digital Imaging\bin\hpqPhotoCrm.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ACECNFLT.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\hpqSSupply.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\DestTest.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hposid01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hposvc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqacdse.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqaol08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\HpqApKil.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqcopy2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqcsaha.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqdirec.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqdstcp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqEmlsz.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqirs08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqkiosk.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqpprop.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\HPQPrntW.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\HpqPSApl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqpse.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqptc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqqpawp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqtax08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqtbx01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\HpqTrMgr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqudc08.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqusgh.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqusgl.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqusgm.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpqwrg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\hpsjrreg.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\bin\ppcue.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\devicemanagement\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\devicemanagement\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\DocProc\DocProc.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\DocProc\dpe_ocr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\DocProc\hpDocCvt.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\DocProc\regipe.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\esupport\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\esupport\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\extcapuninstall\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\extcapuninstall\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_insert_memcard.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_letter.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_original.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_load_small.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_paperjam.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_printcart.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_print_4x6.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_memcard.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\help\player\fscommand\C4200_transfer_scan.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\ocr\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\ocr\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\photosmartessential\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\photosmartessential\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprblog.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbui.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\Product Assistant\scache\hprbhelp\hprbhelp.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzcdl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzsetup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\hpzstub.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzcdl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzdui01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpznop01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpnp01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzpsl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcn01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzshl01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzwrp01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\HP Software Update\HPWUCli.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\HP Software Update\SelfUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Smart Web Printing\hpswp_clipbook.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzmsi01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzrcv01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\HP\Temp\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzstub.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Intel\NCS2\WMIProv\ncs2prov.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Messenger\msmsgsin.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Microsoft Office\Office12\DRAT.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Microsoft Office\Office12\GROOVE.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Microsoft Office\Office12\GrooveClean.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Microsoft Office\Office12\GrooveMigrator.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\copymar.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\dw.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\msn6.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\update.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\install\msnsusii.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\install\msn9components\digcore.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\install\msn9components\msncli.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\NVIDIA Corporation\nView\keystone.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\NVIDIA Corporation\nView\nvAppBar.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\NVIDIA Corporation\nView\nvDspSch.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\NVIDIA Corporation\nView\nwiz.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\KB888111xpsp2.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\RtlUpd.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\WDM\Alcmtr.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\WDM\RtkAudioService.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\WDM\RtlUpd.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\WDM\SkyTel.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Realtek\Audio\Drivers\WDM\SoundMan.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\AUPDATE.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LSETUP.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LUALL.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LuCallbackProxy.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LUCheck.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LuComServer_3_3.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LuConfig.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\LUInit.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\NotifyHA.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Symantec\LiveUpdate\SymantecRootInstaller.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\VideoLAN\VLC\uninstall.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\WarRock\WRLauncher.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\WarRock\WRUpdater.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\WarRock\Data\HShield\HSUpdate.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\WarRock\Data\HShield\Update\autoup.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\WarRock\System\WarRock.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\Programme\Windows Media Player\dlimport.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006201.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006261.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP13\A0006263.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0007789.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010361.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP20\A0010364.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP21\A0010821.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010829.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010934.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010935.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010939.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010948.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010949.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010951.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010952.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010961.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010963.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010964.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010965.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010970.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010971.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010972.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010979.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010981.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010982.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010984.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010990.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010993.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010994.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0010995.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011001.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011002.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011003.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011004.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011005.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011006.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011008.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011009.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011010.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011011.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011013.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011014.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011015.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011016.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011017.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011019.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011020.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011021.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011022.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011023.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011024.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011025.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011027.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011028.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011029.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011030.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011031.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011032.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011034.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011035.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011037.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011038.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011040.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011042.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011045.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011046.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011047.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011049.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011050.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011051.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011052.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011053.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011054.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011055.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011056.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011057.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011058.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011059.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011060.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011061.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011062.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011064.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011084.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011090.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011091.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011097.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011102.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011107.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011108.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011109.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011111.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011112.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011113.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011114.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011116.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011121.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011124.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011126.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011127.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011130.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011131.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011132.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011133.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011134.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011135.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011136.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011137.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011138.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011139.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011140.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011141.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011158.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011159.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011160.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011163.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011169.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011171.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011173.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011174.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011175.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011181.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011182.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011183.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011184.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP23\A0011190.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011202.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011203.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011213.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011214.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011224.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011226.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011230.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011237.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011296.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011310.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011312.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011313.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011315.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011321.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011324.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011325.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011328.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP24\A0011335.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011348.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011349.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011350.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011351.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011352.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011353.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011355.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011356.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011357.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011358.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011359.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011360.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011361.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011362.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011363.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011364.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011365.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011366.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011367.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011368.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011369.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011370.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011371.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011372.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011374.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011375.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011376.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011377.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011378.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011379.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011380.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011381.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011382.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011383.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011384.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011385.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011386.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011388.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011389.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011391.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011392.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011393.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011395.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011396.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011397.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011398.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011400.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011401.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011402.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011403.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011404.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011405.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011406.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011407.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011408.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011409.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011410.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011411.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011412.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011413.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011414.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011415.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011416.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011417.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011418.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011419.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011421.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011422.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011423.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011426.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011427.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011428.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011429.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011430.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011432.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011433.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011434.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011435.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011437.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011438.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011439.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011440.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011441.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011442.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011444.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011445.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011446.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011447.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011450.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011486.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011487.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011488.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011489.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011490.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011491.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011492.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011493.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011494.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011495.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011496.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011497.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011498.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011499.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011500.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011505.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011508.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011510.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011511.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011514.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011515.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011516.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011517.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011518.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011519.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011520.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011521.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011522.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011523.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011524.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011525.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011526.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011528.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011538.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011539.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002236.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002295.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002297.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002299.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002303.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002313.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002337.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002360.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002364.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002447.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002458.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002492.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002598.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002605.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005291.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP6\A0005990.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006106.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006112.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006119.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006120.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006122.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP8\A0006123.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006126.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006127.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006130.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006132.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006135.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006137.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006138.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006139.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006160.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006161.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006162.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006163.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006164.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006165.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006166.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006168.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006169.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006170.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP9\A0006171.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\WINDOWS\ALCMTR.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\WINDOWS\SOUNDMAN.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\update\update.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] The file was not repaired as requested! End of the scan: Samstag, 1. August 2009 11:38 Used time: 29:06 Minute(s) The scan has been done completely. 4203 Scanned directories 187822 Files were scanned 528 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 29 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 187293 Files not concerned 1583 Archives were scanned 471 Warnings 30 Notes 39114 Objects were scanned with rootkit scan 0 Hidden objects were found Dieser Beitrag wurde am 01.08.2009 um 11:41 Uhr von dimdida editiert.
|
|
|
||
01.08.2009, 12:35
Ehrenmitglied
Beiträge: 6028 |
#13
Dein ganzer Rechner ist verseucht wenn ein Trojaner entfernt wird kommt der naechste schon wieder runter
Zitat As of now, security experts suggest that a clean Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working stateQuelle: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t220586.html http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html Brenne oder kopiere Antivir auf ein CD/USBstick Nachdem alles neu aufgesetzt worden ist zuerst ein Virenscanner und Firewall installieren Dan erst Windows updaten und Programme downloaden Wenn man sich etwas runterlardt zuerst mit sein up-to-date Virenscanner scannen lassen So wie du hier sehen kannst wurden heute Morgen schon wieder neue Trojaner runter geladen Zitat 01.08.2009 09:18 16.384 lwmp.exe __________ MfG Argus |
|
|
||
01.08.2009, 12:40
Member
Themenstarter Beiträge: 12 |
#14
Okay, danke dir...
Ich habe nun das oben genannte Removal Tool drüber laufen lassen, nun sind von 528 nur noch 19 Infektionen angezeigt... das ist doch schonmal positiv... Hier jetzt noch der aktuelle Antivir Report: Avira AntiVir Personal Report file date: Samstag, 1. August 2009 14:52 Scanning for 1584543 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : BEILAMPE Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 03.06.2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 11.05.2009 08:14:47 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.02.2009 09:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27.02.2009 09:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 07:54:04 ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19.07.2009 07:54:09 ANTIVIR3.VDF : 7.1.5.57 445952 Bytes 31.07.2009 07:54:10 Engineversion : 8.2.0.238 AEVDF.DLL : 8.1.1.1 106868 Bytes 30.04.2009 10:52:04 AESCRIPT.DLL : 8.1.2.22 450938 Bytes 01.08.2009 07:54:16 AESCN.DLL : 8.1.2.4 127348 Bytes 01.08.2009 07:54:15 AERDL.DLL : 8.1.2.4 430452 Bytes 01.08.2009 07:54:15 AEPACK.DLL : 8.1.3.18 401783 Bytes 27.05.2009 15:07:20 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 01.08.2009 07:54:14 AEHEUR.DLL : 8.1.0.147 1884536 Bytes 01.08.2009 07:54:14 AEHELP.DLL : 8.1.5.3 233846 Bytes 01.08.2009 07:54:12 AEGEN.DLL : 8.1.1.53 356724 Bytes 01.08.2009 07:54:11 AEEMU.DLL : 8.1.0.9 393588 Bytes 09.10.2008 13:32:40 AECORE.DLL : 8.1.7.6 184694 Bytes 01.08.2009 07:54:11 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 05.12.2008 09:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 05.12.2008 09:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05.12.2008 09:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:39:58 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17.04.2009 09:19:48 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: Samstag, 1. August 2009 14:52 Starting search for hidden objects. '41468' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'hprblog.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 31 processes with 31 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Master boot sector HD4 [INFO] No virus was found! Master boot sector HD5 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus The registry was scanned ( '57' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\ejfli.exe [DETECTION] Is the TR/Downloader.Gen Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\w31d7327.exe [DETECTION] Is the TR/Crypt.HO.11 Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbfqrc.exe [DETECTION] Is the TR/Downloader.Gen Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbjcxny.exe [DETECTION] Is the TR/Downloader.Gen Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\windhixv.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\wingjrah.exe [DETECTION] Is the TR/Downloader.Gen Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winkfewn.exe [DETECTION] Is the TR/Spy.Gen Trojan C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winuduvn.exe [DETECTION] Is the TR/Downloader.Gen Trojan C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\Programme\WarRock\System\WarRock.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011691.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011692.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus Beginning disinfection: C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4ae169e1.qua'! C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK library. [WARNING] Error in ARK library [NOTE] The file is scheduled for deleting after reboot. C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\ejfli.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ada6ac0.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\w31d7327.exe [DETECTION] Is the TR/Crypt.HO.11 Trojan [NOTE] The file was moved to '4aa56a8a.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbfqrc.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4ae26ac0.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winbjcxny.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '49586329.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\windhixv.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.Gen back-door program [NOTE] The file was moved to '49597b71.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\wingjrah.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4f8e7c91.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winkfewn.exe [DETECTION] Is the TR/Spy.Gen Trojan [NOTE] The file was moved to '4f8f74d9.qua'! C:\Dokumente und Einstellungen\Damien\Lokale Einstellungen\temp\winuduvn.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] The file was moved to '4f8c4f21.qua'! C:\Programme\HP\Digital Imaging\bin\hpqtax11.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4ae56ac7.qua'! C:\Programme\Messenger\msmsgs.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [WARNING] An error has occurred and the file was not deleted. ErrorID: 26004 [WARNING] The source file could not be found. [NOTE] Attempting to perform action using the ARK library. [WARNING] Error in ARK library [NOTE] The file is scheduled for deleting after reboot. C:\Programme\WarRock\System\WarRock.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4ae66abe.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP22\A0011026.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4aa46a8d.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011373.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4998507e.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP25\A0011449.exe [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '4aa46a8e.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011691.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '49992837.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP26\A0011692.EXE [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '499a200f.qua'! C:\System Volume Information\_restore{8AD5C7A6-5528-456C-BB2F-767248D4A5EA}\RP5\A0002366.rbf [DETECTION] Contains code of the W32/Sality.AA Windows virus [NOTE] The file was moved to '499b38c7.qua'! End of the scan: Samstag, 1. August 2009 18:16 Used time: 26:09 Minute(s) The scan has been done completely. 4223 Scanned directories 189735 Files were scanned 19 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 17 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 189715 Files not concerned 1561 Archives were scanned 3 Warnings 20 Notes 41468 Objects were scanned with rootkit scan 0 Hidden objects were found Habe noch ne Frage: Ich lasse mir die treiber etc und die sp2 udn 3 für xp auf cd brennen eben so wie antivir. dann, wenn der pc neu aufgesetzt ist, wie sollte die reihenfolge sein? antivir chipsatztriber grafiktreiber soundtreiber lantreiber dann sp2 dann sp3 ????? und wo ne gute kostenlose Firewall hernehmen? An welcher Stelle/Reihenfolge käme die dann??? Dieser Beitrag wurde am 01.08.2009 um 18:26 Uhr von dimdida editiert.
|
|
|
||
01.08.2009, 18:26
Member
Beiträge: 202 |
#15
Um antivir efolgreisch installieren zu können ist sp 2 voraussetzung
also würde ich sp 2 und sp 3 zuerst installieren. dann chipsatztreiber ( wenn diese dann noch benötigt werden sind zu grossem teil in sp 2&3 vorhanden ) antivir Latreiber ( Müsste auch schon in den servicepacks vorhanden sein ) Firewall ( Comodo kann ich entpfehlen ) http://www.chip.de/downloads/Comodo-Internet-Security_28397713.html Dann alles weitere da ist die reihenfolge nicht so entscheident |
|
|
||
Problembeschreibung / Symptome ?
Hallo,
ich habe meinen PC neu aufgesetzt. früher war Vista drauf, jetzt XP.
Es hat alles wunderbar funktioniert.
Ich habe den Chipsatztreiber Grafik und Sound Treiber sowie Symantec Endpoint Protection und den Lan Treiber installiert.
Seit(ich denke seit da) der Lan Treiber installiert ist, gibt es Probleme.
SEP lässt sich nicht öffnen, neue Virenprogramme nicht installieren.
Der Taskmanager wurde angeblich durch den Administrator gesperrt genauso wie das Bearbeiten der Registrx(war für eine installation nötig).
Online Scans lassen sich nicht öffnen--Server nicht gefunden
Virustotal oä um den Lan Treiber zu checken gehe nicht...--Server nicht gefudnen.
-----------------------------------------------------------------------------------------------
3.
mache einen Scan mit Malwarebytes -
Malwarebytes' Anti-Malware 1.39
Datenbank Version: 2534
Windows 5.1.2600 Service Pack 3
31.07.2009 11:42:15
mbam-log-2009-07-31 (11-42-14).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 81591
Laufzeit: 2 minute(s), 48 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
-----------------------------------------------------------------------------------------------
4.
Erstellen eines Hijackthis-Logfiles
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:33, on 31.07.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOKUME~1\Damien\LOKALE~1\Temp\Temporäres Verzeichnis 1 für HiJackThis.zip\HijackThis.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\ctqb.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\jraj.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\winuufbso.exe
C:\DOKUME~1\Damien\LOKALE~1\Temp\w3f1b4.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249025893062
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
--
End of file - 4540 bytes
-----------------------------------------------------------------------------------------------
5.
Erstellen einer Uninstall Liste
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2 - Deutsch
CDBurnerXP
DLRG Fragenkatalog Rettungsschwimmen
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) Netzwerkanschlüsse
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access Runtime (German) 2007
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Realtek High Definition Audio Driver
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB973346)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update für Windows Internet Explorer 8 (KB972636)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
VLC media player 1.0.1
Windows Imaging Component
Windows Internet Explorer 8
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
-----------------------------------------------------------------------------------------------
Ich hoffe sehr, dass Ihr mir weiterhelfen könnt, denn ich weiß derzeit keinen Ausweg.
Wenn weitere Informationen benötigt werden, bitte mir genau erklären wo ich diese herbekomme.
LG Dimdida