"Search for..." Startseite kommt immer wieder!

#121 @ sabina
hab alle deine schritte gemacht....die 2 dateien waren nach den scans nicht mehr da deswegen konnt ich nix löschen... und der link zum cleaner von kaspersky hat nicht funktioniert?! aber sonst alles gemacht. und im moment is funktioniert auch alles prima... hier mein log:
Logfile of HijackThis v1.97.7
Scan saved at 12:23:06, on 28.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
D:\mwav.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B3524061-1127-4F82-81AD-9C7E695F76EA} - C:\WINDOWS\System32\ikpb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programme\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\SBAudigy\RemoteCenter\Rc\RcMan.EXE
O4 - HKCU\..\Run: [Taskbar] C:\Programme\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38164.0186342593

danke für die hilfe übrigens

#122 @Demoness

Fixe noch

O2 - BHO: (no name) - {B3524061-1127-4F82-81AD-9C7E695F76EA} - C:\WINDOWS\System32\ikpb.dll (file missing)

damit es aus dem Autostart kommt...hat da nichts zu suchen..
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime

neustarten und loesche im abgesicherten Modus
C:\WINDOWS\System32\ikpb.dll

MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

#123 Ich hab auch das Search for... - Problem. Hier mein Logfile:

Logfile of HijackThis v1.97.7
Scan saved at 16:39:40, on 28.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Personal Firewall 2002\NISUM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\Programme\Norton Personal Firewall 2002\NISSERV.EXE
C:\Programme\Norton Personal Firewall 2002\SymProxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\System32\Prismsta.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\Norton Personal Firewall 2002\IAMAPP.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Programme\NetPumper\NetPumperIEProxy.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Dokumente und Einstellungen\Rhymin Simon\Eigene Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0689779C-BAAB-4B34-B780-BA61D6A22F47} - C:\WINDOWS\System32\icmkmca.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Prism_Utility] Prismsta.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] M:\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programme\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iamapp] C:\Programme\Norton Personal Firewall 2002\IAMAPP.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Programme\NetPumper\NetPumperIEProxy.exe"
O4 - HKCU\..\Run: [AOLMIcon] C:\WINDOWS\AOLMIcon.exe
O4 - HKCU\..\Run: [Skype] "M:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "c:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Programme\ClockSync\Sync.exe" /q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Free WebSite Tools.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: MedionShop (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38020.7125
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE60CE46-C8A7-4F46-9B82-19496EE1E875}: NameServer = 217.237.150.141 194.25.2.129

Könnt ihr mir helfen?

Entweder hier oder per e-mail: Sergeant.Hartman@gmx.de
DANKE!!!!

#124 Hallo, ich habe das Problem leider auch. Kanns aber leider nicht alleine lösen, weil ich hier durch die ganzen Anleitungen nicht so ganz durchsteige.

Hier mal der logfile, hoffe ihr könnt mir helfen!!

Logfile of HijackThis v1.97.7
Scan saved at 18:11:08, on 28.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\KeirNet\K9\K9.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\RealVNC\WinVNC\WinVNC.exe
C:\Programme\Iomega\AutoDisk\ADService.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\-- SYSTEM --\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {72B243B0-A737-4CB4-B364-7EB465A8EB55} - C:\WINDOWS\System32\nakbjd.dll
O2 - BHO: WebSpeechBHO Class - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Gemeinsame Dateien\WebSpeech.4.0\LgxIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinDSL MTU-Adjust] WinDSL_MTU.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Startup: Launch K9.lnk = C:\Programme\KeirNet\K9\K9.exe
O4 - Startup: Trillian Pro.lnk = C:\Programme\Trillian\trillianpro.exe
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: WebSpeech (HKLM)
O9 - Extra 'Tools' menuitem: Seite/Markierung vorlesen (WebSpeech) (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.rempp.ipactive.de:8081/activex/AxisCamControl.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.latschenhof-websline.com/ITmaxxDeluxe/Templates/plugins/mssurvid.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37892.3362384259
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab


HIIIIIIIIIIIIILFE

#125 Tja...ich finde es schon amysant. Meinen Beitrag scheinen alle zu ignorieren. Aber das ist ok. Ich habe das Problem nicht mehr. Viel Spaß noch mit euren LOG's

Gruß Bonanza

#126 vielen dank sabina!!! hat super funktioniert

ist super von dir das du dir die ganze arbeit hier antust

scrat28

#127 Heeeeeeee, ich hatte jetzt grad die schnauze voll und bin einfach mal das risiko eingegangen, diese uminöse uninstall.exe auszuführen. Natürlich vorher auf viren durchgescannt...


UND ES GEEEEEEEHT!!!!!!!


Also Leute, BONANZA2002 hat RECHT!! Könnt ihm vertrauen, ich habs getestet

#128 Bitte CWshredder aktualisieren. Die 1.59.1 entfernt ihn nun auch.
__________
MfG Ralf
SEO-Spam Hunter

#129 @Sabina,

habe heute alles nach so ausgeführt wie Du es mir empfohlen hast.

Beim Scan mit Kaspersky und Spybot kam jeweils eine Virusmeldung "Backdoor.Agent.ac" ich denke er wurde entfernt.

Da ich kein Englisch kann was bedeutet Files Renamed (Datei umbenannt), falls ich recht habe welchen Sinn macht es einen Virus oder die betroffene Datei umzubenennen?

Aber hier jetzt mein bereinigter Logfile:

Logfile of HijackThis v1.97.7
Scan saved at 21:30:06, on 28.06.2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Dokumente und Einstellungen\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/freenet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,76/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs8b.instantservice.com/jars/customerxsigned41.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38155.2858564815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4365/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11EF6398-5340-4545-8D63-1269C24C6AE1}: NameServer = 192.168.4.220

Ach ja, was verbirgt sich hinter 03-Toolbar (no name), (no file) frage nur weil ich dachte das Einträge ohne Name nicht Gutes sind.

Nochmals Danke und Gruß

Neritia

#130 @MVG.net

Fixe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\RHYMIN~1\LOKALE~1\Temp\sp.html

R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: (no name) - {0689779C-BAAB-4B34-B780-BA61D6A22F47} - C:\WINDOWS\System32\icmkmca.dll
O4 - HKLM\..\Run: [updmgr] C:\Programme\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

neustarten

Lade mwav.exe und ...ist 30 Tage free
http://www.mwti.net/antivirus/free_utilities.asp
poste dann, was der Scanner noch gefunden hat.

Lade Cwhredder
http://www.spywareinfo.com/~merijn/downloads.html

Mache einen Onlinescann
http://uk.trendmicro-europe.com/enterprise/products/housecall_launch.php

Lade AdAware free
http://www.lavasoft.de/support/download/

Lade Spybot
http://www.safer-networking.org/index.php?page=download&lang=de

#Loesche unter InternetOptionen die TemporaryInernetFiles und stelle eine neue Startseite ein.


Gehe in den abgesicherten Modus ...F8 beim Booten druecken und scanne mit allen Tools .


1.loesche C:\WINDOWS\System32\icmkmca.dll
2.Loesche die 04-Eintraege in der Registry
Start<Ausfuehren<regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKCU<Software\Microsoft\Windows\CurrentVersion\Run


3.Loesche dann die exe mit der Suchfunktion von Windows

neustarten

Poste das Log noch mal

Mfg
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

#131 @neritia

Fixe noch
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

neustarten

Lade Antivir
http://www.free-av.de/

Gehe in den abgesicherten Modus...F8 beim Hochfahren druecken und mache einen Vollscann.
Stelle ein <alle Dateien<scannen.

Durch das Umbenennen kann der Virus nun geloescht werden.

neustarten

Lade eine Firewall...Sygate free
http://smb.sygate.com/products/spf_standard.htm

#Surfe nur mit Firefox..ist sicherer
http://www.firebird-browser.de/

MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

#132 @chris2104

Scanne mit dem HijackThis, dann hake an, was ich poste und druecke auf <fix<

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\sp.html

O2 - BHO: (no name) - {72B243B0-A737-4CB4-B364-7EB465A8EB55} - C:\WINDOWS\System32\nakbjd.dll


neustarten


Gehe in den abgesicherten Modus...die Taste F8 beim Hochfahren druecken

#Dort suchst und loescht du C:\WINDOWS\System32\nakbjd.dll


neustarten

#Lade von dieser Site den AdAware free und den Search<Destroy
http://www.rokop-security.de/main/article.php?sid=703

#Lade Cwhredder
http://www.spywareinfo.com/~merijn/downloads.html


Loesche unter InternetOptionen die TemporaryInternetFiles und stelle eine neue Startseite ein.

surfe mit dem Firefox ...ist hijackerfrei
http://www.firebird-browser.de/

Lade escan...mwav.exe und scanne
http://www.mwti.net/antivirus/free_utilities.asp

Dann poste das Log noch mal.
Mfg
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

#133 Hallo Leute bitte helft mir. Ich hab mir so eine Search for... Seite auch eingefangen.Hab schon mit HijackThis im abgesicherten Modus alles gefixt und auch mit Adaware gescannt. Ausserdem habe ich die neuesten IE Updates, doch dieses verdammte Ding kommt alle 1-2 Tage wieder.Ich hoffe ihr könnt mir helfen.Hier mein HijackThis Log:

Logfile of HijackThis v1.97.7
Scan saved at 01:02:20, on 29.06.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
I:\Programme\Antivirus-Profi-Paket\AVKService.exe
I:\Programme\Antivirus-Profi-Paket\AVKWCtl.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\GFI\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
H:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\mmait\Desktop\projekt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.jet2web.net;*.aon.at;<local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SpybotSnD] "H:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
O4 - HKLM\..\Run: [AVG_CC] D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKCU\..\Run: [ATI Remote Control] C:\Programme\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F52F00CE-AD22-4F48-8B0E-50E8ACB686A7}: NameServer = 195.3.96.67 195.3.96.68


Danke schon im voraus!!

#134 "Mawcor

Fixe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\mmait\LOKALE~1\Temp\sp.htm

neustarten

Lade Cwshredder
http://www.spywareinfo.com/~merijn/downloads.html

Lade mwav.exe und ...ist 30 Tage free
http://www.mwti.net/antivirus/free_utilities.asp

poste dann, was der Scanner noch gefunden hat.

Update Windows und den IE auf IE 6 Sp1
http://www.microsoft.com/downloads/details.aspx?displaylang=de&FamilyID=1E1550CB-5E5D-48F5-B02B-20B602228DE6

Loesche unter InternetOptionen die TemporaryInternetfiles und stelle eine neue Startseite ein.

MfG
Sabina
__________
MfG Sabina

rund um die PC-Sicherheit

#135 Danke für die Hilfe um diese Zeit
Hier der Scan Log:

Tue Jun 29 01:34:37 2004 => **********************************************************
Tue Jun 29 01:34:37 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 29 01:34:37 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 29 01:34:37 2004 => **********************************************************
Tue Jun 29 01:34:37 2004 => Version 4.2.4
Tue Jun 29 01:34:37 2004 => Log File: C:\DOKUME~1\mmait\LOKALE~1\Temp\mwav.log
Tue Jun 29 01:34:37 2004 => Database Path in KL Key: C:\Programme\Gemeinsame Dateien\KAV Shared Files\Bases.
Tue Jun 29 01:34:37 2004 => Latest Date of files in KL key: 09 Dec 2003 13:03:32.
Tue Jun 29 01:34:37 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 29 01:34:39 2004 => AV Library Loaded...
Tue Jun 29 01:34:39 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.exe
Tue Jun 29 01:34:39 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\Getvlist.exe
Tue Jun 29 01:34:39 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.dll
Tue Jun 29 01:34:39 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssdi.dll
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssi.dll
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavvlg.dll
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\msvlclnt.dll
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\ipc.dll
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\main.avi
Tue Jun 29 01:34:40 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\virus.avi
Tue Jun 29 01:34:40 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:34:40 2004 => Virus Database Count: 95240
Tue Jun 29 01:34:58 2004 => AV Library Unloaded (3)...
Tue Jun 29 01:43:28 2004 => **********************************************************
Tue Jun 29 01:43:28 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 29 01:43:28 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 29 01:43:28 2004 => **********************************************************
Tue Jun 29 01:43:28 2004 => Version 4.2.4
Tue Jun 29 01:43:28 2004 => Log File: C:\DOKUME~1\mmait\LOKALE~1\Temp\mwav.log
Tue Jun 29 01:43:28 2004 => Database Path in KL Key: C:\Programme\Gemeinsame Dateien\KAV Shared Files\Bases.
Tue Jun 29 01:43:28 2004 => Latest Date of files in KL key: 09 Dec 2003 13:03:32.
Tue Jun 29 01:43:28 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 29 01:43:30 2004 => AV Library Loaded...
Tue Jun 29 01:43:30 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.exe
Tue Jun 29 01:43:30 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\Getvlist.exe
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssdi.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssi.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavvlg.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\msvlclnt.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\ipc.dll
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\main.avi
Tue Jun 29 01:43:31 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\virus.avi
Tue Jun 29 01:43:31 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:43:31 2004 => Virus Database Count: 95240

Tue Jun 29 01:43:40 2004 => **********************************************************
Tue Jun 29 01:43:40 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 29 01:43:40 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 29 01:43:40 2004 =>
Tue Jun 29 01:43:40 2004 => Support: support@mwti.net
Tue Jun 29 01:43:40 2004 => Web: http://www.mwti.net
Tue Jun 29 01:43:40 2004 => **********************************************************
Tue Jun 29 01:43:40 2004 => Version 4.2.4
Tue Jun 29 01:43:40 2004 => Log File: C:\DOKUME~1\mmait\LOKALE~1\Temp\mwav.log
Tue Jun 29 01:43:40 2004 => Database Path in KL Key: C:\Programme\Gemeinsame Dateien\KAV Shared Files\Bases.
Tue Jun 29 01:43:40 2004 => Latest Date of files in KL key: 09 Dec 2003 13:03:32.
Tue Jun 29 01:43:40 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.

Tue Jun 29 01:43:40 2004 => Options Selected by User:
Tue Jun 29 01:43:40 2004 => Memory Check: Enabled
Tue Jun 29 01:43:40 2004 => Registry Check: Enabled
Tue Jun 29 01:43:40 2004 => StartUp Folder Check: Enabled
Tue Jun 29 01:43:40 2004 => System Folder Check: Disabled
Tue Jun 29 01:43:40 2004 => System Area Check: Disabled
Tue Jun 29 01:43:40 2004 => Services Check: Enabled
Tue Jun 29 01:43:40 2004 => Drive Check Option Disabled
Tue Jun 29 01:43:40 2004 => Scanning Type: Scan And Clean
Tue Jun 29 01:43:40 2004 => Folder Check: Disabled

Tue Jun 29 01:43:40 2004 => ***** Scanning Memory Files *****
Tue Jun 29 01:43:40 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:43:40 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:43:40 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:43:40 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:43:40 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Tue Jun 29 01:43:40 2004 => Scanning File C:\DOKUME~1\mmait\Desktop\projekt\firfox\mwav.exe
Tue Jun 29 01:43:42 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\mwavscan.com
Tue Jun 29 01:43:42 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.exe

Tue Jun 29 01:43:42 2004 => ***** Scanning Registry Files *****
Tue Jun 29 01:43:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Jun 29 01:43:42 2004 => Scanning File C:\WINDOWS\Explorer.exe
Tue Jun 29 01:43:42 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Tue Jun 29 01:43:42 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 29 01:43:43 2004 => Scanning File C:\PROGRA~1\Alcatel\SPEEDT~1\Dragdiag.exe
Tue Jun 29 01:43:44 2004 => Scanning File H:\PROGRA~1\SPYBOT~1\SpybotSD.exe
Tue Jun 29 01:43:44 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Tue Jun 29 01:43:44 2004 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Tue Jun 29 01:43:44 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\ogrc.exe
Tue Jun 29 01:43:45 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpcc.exe
Tue Jun 29 01:43:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 29 01:43:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 29 01:43:45 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 29 01:43:45 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 29 01:43:45 2004 => Scanning File C:\PROGRA~1\ATIMUL~1\RemCtrl\ATIRW.exe
Tue Jun 29 01:43:46 2004 => Scanning File H:\PROGRA~1\SPYBOT~1\TeaTimer.exe
Tue Jun 29 01:43:46 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Tue Jun 29 01:43:46 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 29 01:43:46 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 29 01:43:46 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 29 01:43:46 2004 => Scanning HKCR\txtfile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\comfile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\exefile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\dllfile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\batfile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\piffile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\scrfile\shell\open\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\scrfile\shell\config\command
Tue Jun 29 01:43:46 2004 => Scanning HKCR\regfile\shell\open\command

Tue Jun 29 01:43:46 2004 => ***** Scanning StartUp Folders *****

Tue Jun 29 01:43:46 2004 => ***** Scanning C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart Folder *****
Tue Jun 29 01:43:46 2004 => Scanning Folder: C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart\*.*
Tue Jun 29 01:43:46 2004 => Scanning File C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart\desktop.ini

Tue Jun 29 01:43:46 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Tue Jun 29 01:43:46 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Tue Jun 29 01:43:46 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Tue Jun 29 01:43:47 2004 => ***** Scanning Service Files *****
Tue Jun 29 01:43:47 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\Ati2evxx.exe
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\system32\ati2sgag.exe
Tue Jun 29 01:43:47 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinrvxx.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atintuxx.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinraxx.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinxsxx.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Tue Jun 29 01:43:48 2004 => Scanning File D:\PROGRA~1\GRISOFT\AVG6\AVGCORE.SYS
Tue Jun 29 01:43:48 2004 => Scanning File D:\PROGRA~1\GRISOFT\AVG6\AVGFSH.SYS
Tue Jun 29 01:43:48 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Tue Jun 29 01:43:48 2004 => Scanning File C:\WINDOWS\SYSTEM32\AVKWFILT.SYS
Tue Jun 29 01:43:48 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKService.exe
Tue Jun 29 01:43:48 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKWCtl.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\SYSTEM32\AVKFSAVP.SYS
Tue Jun 29 01:43:49 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpcc.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\axsaki.sys
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\axskbus.sys
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Tue Jun 29 01:43:49 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\drivers\enodpl.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Tue Jun 29 01:43:50 2004 => ERROR!!! Invalid Entry \??\F:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\Drivers\hwi4857.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Tue Jun 29 01:43:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpm.exe
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:51 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:51 2004 => Scanning File C:\PROGRA~1\GFI\LANGUA~1\sscansvc.exe
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\OVSound2.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\MSTEE.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinmdxx.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NdisIP.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Tue Jun 29 01:43:52 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\Drivers\MDSHA031.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Tue Jun 29 01:43:53 2004 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\mmait\LOKALE~1\Temp\pfsvgae.sys in SYSTEM\CurrentControlSet\Services\pfsvgae...
Tue Jun 29 01:43:53 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:43:54 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:43:54 2004 => Scanning File C:\WINDOWS\System32\Drivers\PortRST.sys
Tue Jun 29 01:43:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Tue Jun 29 01:43:54 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Tue Jun 29 01:43:54 2004 => Scanning File C:\WINDOWS\System32\drivers\prodrv06.sys
Tue Jun 29 01:44:03 2004 => Scanning File C:\WINDOWS\System32\drivers\prohlp02.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\drivers\prosync1.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\OVCE.sys
Tue Jun 29 01:44:13 2004 => ERROR!!! Invalid Entry C:\Programme\RadLinker\RadClock.exe in SYSTEM\CurrentControlSet\Services\RadClock...
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RadProbe.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\SYSTEM32\RAVGD.SYS
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:13 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ser*hier nicht!*.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\drivers\sfhlp01.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\Drivers\SilvrLnk.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\drivers\sis7012.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisagp.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SLIP.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
Tue Jun 29 01:44:14 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV65.SYS
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV76.SYS
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\StreamIP.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\SYSTEM32\SVKP.SYS
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\drivers\tandpl.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:44:15 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USR7900.SYS
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:44:16 2004 => ERROR!!! Invalid Entry C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe in SYSTEM\CurrentControlSet\Services\x10nets...

Tue Jun 29 01:44:16 2004 => ***** Scanning Important System Files *****
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\winsock.dll
Tue Jun 29 01:44:16 2004 => Scanning File C:\WINDOWS\System32\ws2_32.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\ws2help.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wsock32.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wscript.exe
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshatm.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshcon.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshext.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wship6.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshisn.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshnetbs.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshom.ocx
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\WshRm.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wsnmp32.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wshde.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\wstdecod.dll
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\explorer.exe
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\explorer.scf
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\notepad.exe
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\cmd.exe
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\cmd.ftp
Tue Jun 29 01:44:17 2004 => Scanning File C:\WINDOWS\System32\kernel32.dll
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\hal.dll
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\win32k.sys
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll
Tue Jun 29 01:44:18 2004 => Scanning File C:\WINDOWS\System32\user32.dll
Tue Jun 29 01:44:19 2004 => Scanning File C:\WINDOWS\System32\gdi32.dll
Tue Jun 29 01:44:19 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll
Tue Jun 29 01:44:19 2004 => Scanning File C:\WINDOWS\System32\command.com

Tue Jun 29 01:44:19 2004 => ***** Checking for specific ITW Viruses *****
Tue Jun 29 01:44:19 2004 => Checking for Welchia Virus...
Tue Jun 29 01:44:19 2004 => Checking for LovGate Virus...
Tue Jun 29 01:44:19 2004 => Checking for CodeRed Virus...
Tue Jun 29 01:44:19 2004 => Checking for OpaServ Virus...
Tue Jun 29 01:44:19 2004 => Checking for Sobig.e Virus...
Tue Jun 29 01:44:19 2004 => Checking for Winupie Virus...
Tue Jun 29 01:44:19 2004 => Checking for Swen Virus...
Tue Jun 29 01:44:19 2004 => Checking for JS.Fortnight Virus...
Tue Jun 29 01:44:19 2004 => Checking for Novarg Virus...

Tue Jun 29 01:44:19 2004 => ***** Scanning complete. *****

Tue Jun 29 01:44:19 2004 => Total Number of Files Scanned: 260
Tue Jun 29 01:44:19 2004 => Total Number of Virus(es) Found: 0
Tue Jun 29 01:44:19 2004 => Total Number of Disinfected Files: 0
Tue Jun 29 01:44:19 2004 => Total Number of Files Renamed: 0
Tue Jun 29 01:44:19 2004 => Total Number of Deleted Files: 0
Tue Jun 29 01:44:19 2004 => Total Number of Errors: 4
Tue Jun 29 01:44:19 2004 => Time Elapsed: 00:00:39
Tue Jun 29 01:44:19 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:44:19 2004 => Virus Database Count: 95240

Tue Jun 29 01:44:20 2004 => Scan Completed.

Tue Jun 29 01:45:13 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:45:13 2004 => Virus Database Count: 95240
Tue Jun 29 01:45:17 2004 => AV Library Unloaded (3)...
Tue Jun 29 01:48:19 2004 => **********************************************************
Tue Jun 29 01:48:19 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 29 01:48:19 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 29 01:48:19 2004 => **********************************************************
Tue Jun 29 01:48:19 2004 => Version 4.2.4
Tue Jun 29 01:48:19 2004 => Log File: C:\DOKUME~1\mmait\LOKALE~1\Temp\mwav.log
Tue Jun 29 01:48:19 2004 => Database Path in KL Key: C:\Programme\Gemeinsame Dateien\KAV Shared Files\Bases.
Tue Jun 29 01:48:19 2004 => Latest Date of files in KL key: 09 Dec 2003 13:03:32.
Tue Jun 29 01:48:19 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.
Tue Jun 29 01:48:27 2004 => AV Library Loaded...
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.exe
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\Getvlist.exe
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssdi.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavssi.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavvlg.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\msvlclnt.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\ipc.dll
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\main.avi
Tue Jun 29 01:48:27 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\virus.avi
Tue Jun 29 01:48:27 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:48:27 2004 => Virus Database Count: 95240

Tue Jun 29 01:48:49 2004 => **********************************************************
Tue Jun 29 01:48:49 2004 => eScan AntiVirus Toolkit Utility.
Tue Jun 29 01:48:49 2004 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Tue Jun 29 01:48:49 2004 =>
Tue Jun 29 01:48:49 2004 => Support: support@mwti.net
Tue Jun 29 01:48:49 2004 => Web: http://www.mwti.net
Tue Jun 29 01:48:49 2004 => **********************************************************
Tue Jun 29 01:48:49 2004 => Version 4.2.4
Tue Jun 29 01:48:49 2004 => Log File: C:\DOKUME~1\mmait\LOKALE~1\Temp\mwav.log
Tue Jun 29 01:48:49 2004 => Database Path in KL Key: C:\Programme\Gemeinsame Dateien\KAV Shared Files\Bases.
Tue Jun 29 01:48:49 2004 => Latest Date of files in KL key: 09 Dec 2003 13:03:32.
Tue Jun 29 01:48:49 2004 => Latest Date of files inside MWAV: 20 Jun 2004 15:17:25.

Tue Jun 29 01:48:49 2004 => Options Selected by User:
Tue Jun 29 01:48:49 2004 => Memory Check: Enabled
Tue Jun 29 01:48:49 2004 => Registry Check: Enabled
Tue Jun 29 01:48:49 2004 => StartUp Folder Check: Enabled
Tue Jun 29 01:48:49 2004 => System Folder Check: Disabled
Tue Jun 29 01:48:49 2004 => System Area Check: Disabled
Tue Jun 29 01:48:49 2004 => Services Check: Enabled
Tue Jun 29 01:48:49 2004 => Drive Check Option Disabled
Tue Jun 29 01:48:49 2004 => Scanning Type: Scan And Clean
Tue Jun 29 01:48:49 2004 => Folder Check: Disabled

Tue Jun 29 01:48:49 2004 => ***** Scanning Memory Files *****
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\System32\Ati2evxx.exe
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:49 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Tue Jun 29 01:48:49 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Tue Jun 29 01:48:49 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKService.exe
Tue Jun 29 01:48:50 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKWCtl.exe
Tue Jun 29 01:48:50 2004 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Tue Jun 29 01:48:50 2004 => Scanning File C:\WINDOWS\Explorer.EXE
Tue Jun 29 01:48:50 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Tue Jun 29 01:48:50 2004 => Scanning File C:\PROGRA~1\GFI\LANGUA~1\sscansvc.exe
Tue Jun 29 01:48:50 2004 => Scanning File C:\PROGRA~1\Alcatel\SPEEDT~1\Dragdiag.exe
Tue Jun 29 01:48:50 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\PROGRA~1\ATIMUL~1\RemCtrl\ATIRW.exe
Tue Jun 29 01:48:51 2004 => Scanning File H:\PROGRA~1\SPYBOT~1\TeaTimer.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\WINDOWS\System32\rundll32.exe
Tue Jun 29 01:48:51 2004 => Scanning File C:\DOKUME~1\mmait\Desktop\projekt\firfox\mwav.exe
Tue Jun 29 01:48:53 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\mwavscan.com
Tue Jun 29 01:48:53 2004 => Scanning File C:\DOKUME~1\mmait\LOKALE~1\Temp\kavss.exe

Tue Jun 29 01:48:53 2004 => ***** Scanning Registry Files *****
Tue Jun 29 01:48:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Tue Jun 29 01:48:53 2004 => Scanning File C:\WINDOWS\Explorer.exe
Tue Jun 29 01:48:53 2004 => Scanning File C:\WINDOWS\system32\userinit.exe
Tue Jun 29 01:48:53 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 29 01:48:53 2004 => Scanning File C:\PROGRA~1\Alcatel\SPEEDT~1\Dragdiag.exe
Tue Jun 29 01:48:54 2004 => Scanning File H:\PROGRA~1\SPYBOT~1\SpybotSD.exe
Tue Jun 29 01:48:54 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
Tue Jun 29 01:48:54 2004 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Tue Jun 29 01:48:54 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\ogrc.exe
Tue Jun 29 01:48:55 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpcc.exe
Tue Jun 29 01:48:55 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 29 01:48:55 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 29 01:48:55 2004 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 29 01:48:55 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Tue Jun 29 01:48:55 2004 => Scanning File C:\PROGRA~1\ATIMUL~1\RemCtrl\ATIRW.exe
Tue Jun 29 01:48:55 2004 => Scanning File H:\PROGRA~1\SPYBOT~1\TeaTimer.exe
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\ctfmon.exe
Tue Jun 29 01:48:55 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Tue Jun 29 01:48:55 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Tue Jun 29 01:48:55 2004 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Tue Jun 29 01:48:55 2004 => Scanning HKCR\txtfile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\comfile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\exefile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\dllfile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\batfile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\piffile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\scrfile\shell\open\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\scrfile\shell\config\command
Tue Jun 29 01:48:55 2004 => Scanning HKCR\regfile\shell\open\command

Tue Jun 29 01:48:55 2004 => ***** Scanning StartUp Folders *****

Tue Jun 29 01:48:55 2004 => ***** Scanning C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart Folder *****
Tue Jun 29 01:48:55 2004 => Scanning Folder: C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart\*.*
Tue Jun 29 01:48:55 2004 => Scanning File C:\Dokumente und Einstellungen\mmait\Startmenü\Programme\Autostart\desktop.ini

Tue Jun 29 01:48:55 2004 => ***** Scanning C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Folder *****
Tue Jun 29 01:48:55 2004 => Scanning Folder: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\*.*
Tue Jun 29 01:48:55 2004 => Scanning File C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

Tue Jun 29 01:48:55 2004 => ***** Scanning Service Files *****
Tue Jun 29 01:48:55 2004 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\alcan5wn.sys
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\alcaudsl.sys
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\System32\alg.exe
Tue Jun 29 01:48:55 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\Ati2evxx.exe
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\system32\ati2sgag.exe
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinrvxx.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atintuxx.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinraxx.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinxsxx.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Tue Jun 29 01:48:56 2004 => Scanning File D:\PROGRA~1\GRISOFT\AVG6\AVGCORE.SYS
Tue Jun 29 01:48:56 2004 => Scanning File D:\PROGRA~1\GRISOFT\AVG6\AVGFSH.SYS
Tue Jun 29 01:48:56 2004 => Scanning File D:\PROGRA~1\Grisoft\AVG6\avgserv.exe
Tue Jun 29 01:48:56 2004 => Scanning File C:\WINDOWS\SYSTEM32\AVKWFILT.SYS
Tue Jun 29 01:48:56 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKService.exe
Tue Jun 29 01:48:57 2004 => Scanning File I:\Programme\Antivirus-Profi-Paket\AVKWCtl.exe
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\SYSTEM32\AVKFSAVP.SYS
Tue Jun 29 01:48:57 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpcc.exe
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\axsaki.sys
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\axskbus.sys
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
Tue Jun 29 01:48:57 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\cisvc.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Tue Jun 29 01:48:58 2004 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\drivers\enodpl.sys
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:48:59 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Tue Jun 29 01:49:00 2004 => ERROR!!! Invalid Entry \??\F:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\Drivers\hwi4857.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\imapi.exe
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Tue Jun 29 01:49:00 2004 => Scanning File C:\PROGRA~1\KASPER~1\KASPER~1\avpm.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\KLIF.SYS
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\PROGRA~1\GFI\LANGUA~1\sscansvc.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\drivers\OVSound2.sys
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Tue Jun 29 01:49:01 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\msdtc.exe
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\msiexec.exe
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\drivers\MSTEE.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\atinmdxx.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\NdisIP.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\system32\netdde.exe
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:49:02 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\System32\Drivers\MDSHA031.sys
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Tue Jun 29 01:49:03 2004 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\pciide.sys
Tue Jun 29 01:49:04 2004 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\mmait\LOKALE~1\Temp\pfsvgae.sys in SYSTEM\CurrentControlSet\Services\pfsvgae...
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\system32\services.exe
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\lsass.exe
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\Drivers\PortRST.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Tue Jun 29 01:49:04 2004 => Scanning File C:\WINDOWS\System32\drivers\prodrv06.sys
Tue Jun 29 01:49:17 2004 => Scanning File C:\WINDOWS\System32\drivers\prohlp02.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\drivers\prosync1.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\OVCE.sys
Tue Jun 29 01:49:36 2004 => ERROR!!! Invalid Entry C:\Programme\RadLinker\RadClock.exe in SYSTEM\CurrentControlSet\Services\RadClock...
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RadProbe.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Tue Jun 29 01:49:36 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\SYSTEM32\RAVGD.SYS
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\locator.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\rsvp.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Tue Jun 29 01:49:37 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\Ser*hier nicht!*.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\drivers\sfhlp01.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\Drivers\SilvrLnk.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\drivers\sis7012.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sisagp.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\SLIP.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\PROGRA~1\GEMEIN~1\SONYSH~1\AVLib\Sptisrv.exe
Tue Jun 29 01:49:38 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV65.SYS
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV76.SYS
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\StreamIP.sys
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\SYSTEM32\SVKP.SYS
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\dllhost.exe
Tue Jun 29 01:49:39 2004 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\drivers\tandpl.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\ATINTTXX.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\ups.exe
Tue Jun 29 01:49:40 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbccgp.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbohci.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\usbprint.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\USR7900.SYS
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\vssvc.exe
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Tue Jun 29 01:49:41 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\wceusbsh.sys
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\svchost.exe
Tue Jun 29 01:49:42 2004 => ERROR!!! Invalid Entry C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe in SYSTEM\CurrentControlSet\Services\x10nets...

Tue Jun 29 01:49:42 2004 => ***** Scanning Important System Files *****
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\winsock.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\ws2_32.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\ws2help.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wsock32.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wscript.exe
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wshatm.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wshcon.dll
Tue Jun 29 01:49:42 2004 => Scanning File C:\WINDOWS\System32\wshext.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wship6.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wshisn.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wshnetbs.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wshom.ocx
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\WshRm.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wsnmp32.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wshde.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\wstdecod.dll
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\explorer.exe
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\explorer.scf
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\notepad.exe
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\cmd.exe
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\cmd.ftp
Tue Jun 29 01:49:43 2004 => Scanning File C:\WINDOWS\System32\kernel32.dll
Tue Jun 29 01:49:45 2004 => Scanning File C:\WINDOWS\System32\ntoskrnl.exe
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\ntkrnlpa.exe
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\hal.dll
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\win32k.sys
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\ntdll.dll
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\advapi32.dll
Tue Jun 29 01:49:46 2004 => Scanning File C:\WINDOWS\System32\user32.dll
Tue Jun 29 01:49:47 2004 => Scanning File C:\WINDOWS\System32\gdi32.dll
Tue Jun 29 01:49:47 2004 => Scanning File C:\WINDOWS\System32\bootvid.dll
Tue Jun 29 01:49:48 2004 => Scanning File C:\WINDOWS\System32\command.com

Tue Jun 29 01:49:48 2004 => ***** Checking for specific ITW Viruses *****
Tue Jun 29 01:49:48 2004 => Checking for Welchia Virus...
Tue Jun 29 01:49:48 2004 => Checking for LovGate Virus...
Tue Jun 29 01:49:48 2004 => Checking for CodeRed Virus...
Tue Jun 29 01:49:48 2004 => Checking for OpaServ Virus...
Tue Jun 29 01:49:48 2004 => Checking for Sobig.e Virus...
Tue Jun 29 01:49:48 2004 => Checking for Winupie Virus...
Tue Jun 29 01:49:48 2004 => Checking for Swen Virus...
Tue Jun 29 01:49:48 2004 => Checking for JS.Fortnight Virus...
Tue Jun 29 01:49:48 2004 => Checking for Novarg Virus...

Tue Jun 29 01:49:48 2004 => ***** Scanning complete. *****

Tue Jun 29 01:49:48 2004 => Total Number of Files Scanned: 276
Tue Jun 29 01:49:48 2004 => Total Number of Virus(es) Found: 0
Tue Jun 29 01:49:48 2004 => Total Number of Disinfected Files: 0
Tue Jun 29 01:49:48 2004 => Total Number of Files Renamed: 0
Tue Jun 29 01:49:48 2004 => Total Number of Deleted Files: 0
Tue Jun 29 01:49:48 2004 => Total Number of Errors: 4
Tue Jun 29 01:49:48 2004 => Time Elapsed: 00:00:59
Tue Jun 29 01:49:48 2004 => Virus Database Date: 2004/06/20
Tue Jun 29 01:49:48 2004 => Virus Database Count: 95240

Tue Jun 29 01:49:48 2004 => Scan Completed.