
Pests of all kinds and how to combat them: TR/Zlob.IT.3

10.04.2006, 10:46   #1
kv90
 
Hello,
For days I have had the trojan named in the title on my computer, and also TR/Drop.Zlob.JT.2. How do I get rid of them? Thanks in advance.
Here is my log file from Datfind.bat:


Here is my HJT log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WinTV\Ir.exe
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w**.marktplatz.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von osnatel
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp8944.tmp (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [routcnf] C:\Programme\DeTeWe\TA 33 USB\routcnf.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.marktplatz.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{94265C38-CDC8-4636-8CF7-366DC340E17C}: NameServer = 212.95.97.144 212.95.108.3
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Engine Service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

Edited by kv90 (10.04.2006 at 11:12)

10.04.2006, 11:20   #2
stupormundi
 
Hi!

If you use datfind.bat, then please post all 4 logs. (The files from the last 2-3 months are enough.)
If you post HJT, then please include the header.

Work through this and then post the logs mentioned there (escan, 'C:\smitfiles.txt' and a new HJT log) and the four datfind.bat logs.

stupormundi

11.04.2006, 10:02   #3
kv90
 
Hi,
I worked through that and this is what came out:

eScan:
Mon Apr 10 13:55:13 2006 => **********************************************************
Mon Apr 10 13:55:13 2006 => eScan AntiVirus Toolkit Utility.
Mon Apr 10 13:55:13 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Apr 10 13:55:13 2006 => **********************************************************
Mon Apr 10 13:55:13 2006 => Source: C:\DOKUME~1\Kai\EIGENE~1\DOWNLO~1\mwav.exe
Mon Apr 10 13:55:13 2006 => Version 8.2.2
Mon Apr 10 13:55:13 2006 => Protokolldatei: C:\DOKUME~1\Kai\LOKALE~1\Temp\MWAV.LOG
Mon Apr 10 13:55:13 2006 => Datum und Uhrzeit des letzten Scans: 10.04.2006 12:55:11
Mon Apr 10 13:55:13 2006 => MWAV Registered: FALSE.
Mon Apr 10 13:55:13 2006 => OS Type: Windows Workstation
Mon Apr 10 13:55:13 2006 => Local Fixed Drives: c:\,f:\,z:\
Mon Apr 10 13:55:13 2006 => MWAV Mode: Only Scan files.
Mon Apr 10 13:55:13 2006 => Letztes Datum der MWAV Dateien: 06 Apr 2006 15:08:30.
Mon Apr 10 13:55:16 2006 => AV Bibliothek wird geladen...
Mon Apr 10 13:55:16 2006 => MWAV doing self scanning...
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\kavss.exe
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\Getvlist.exe
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\kavss.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\kavssdi.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\kavssi.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\kavvlg.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\msvlclnt.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\ipc.dll
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\main.avi
Mon Apr 10 13:55:16 2006 => Scanne Datei C:\DOKUME~1\Kai\LOKALE~1\Temp\virus.avi
Mon Apr 10 13:55:16 2006 => MWAV files are clean.
Mon Apr 10 13:55:24 2006 => Virus Database Date: 4/6/2006
Mon Apr 10 13:55:24 2006 => Virus Database Count: 186553

Mon Apr 10 13:55:41 2006 => **********************************************************
Mon Apr 10 13:55:41 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Apr 10 13:55:41 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Apr 10 13:55:41 2006 =>
Mon Apr 10 13:55:41 2006 => Support: support@mwti.net
Mon Apr 10 13:55:41 2006 => Web: http://www.mwti.net
Mon Apr 10 13:55:41 2006 => **********************************************************
Mon Apr 10 13:55:41 2006 => Version 8.2.2 (C:\DOKUME~1\Kai\LOKALE~1\Temp\mexe.com)
Mon Apr 10 13:55:41 2006 => Log File: C:\DOKUME~1\Kai\LOKALE~1\Temp\MWAV.LOG
Mon Apr 10 13:55:41 2006 => User Account: Kai
Mon Apr 10 13:55:41 2006 => Windows Root Folder: C:\WINDOWS
Mon Apr 10 13:55:41 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Apr 10 13:55:41 2006 => OS: Windows XP
Mon Apr 10 13:55:41 2006 => Latest Date of files inside MWAV: 06 Apr 2006 15:08:30.

Mon Apr 10 13:55:41 2006 => Options Selected by User:
Mon Apr 10 13:55:41 2006 => Memory Check: Enabled
Mon Apr 10 13:55:41 2006 => Registry Check: Enabled
Mon Apr 10 13:55:41 2006 => StartUp Folder Check: Disabled
Mon Apr 10 13:55:41 2006 => System Folder Check: Disabled
Mon Apr 10 13:55:41 2006 => System Area Check: Disabled
Mon Apr 10 13:55:41 2006 => Services Check: Enabled
Mon Apr 10 13:55:41 2006 => Drive Check: Disabled
Mon Apr 10 13:55:41 2006 => All Drive Check :Enabled
Mon Apr 10 13:55:41 2006 => Folder Check: Disabled

Mon Apr 10 13:55:42 2006 => ***** Scanning Memory Files *****

Mon Apr 10 13:56:01 2006 => ***** Scanning Registry Files *****

Mon Apr 10 13:56:01 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Mon Apr 10 13:56:01 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Apr 10 13:56:01 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Apr 10 13:56:01 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:01 2006 => Scanning File C:\WINDOWS\System32\stobject.dll
Mon Apr 10 13:56:01 2006 => Scanning File C:\WINDOWS\system32\upnpui.dll

Mon Apr 10 13:56:02 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Mon Apr 10 13:56:02 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Mon Apr 10 13:56:02 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Mon Apr 10 13:56:02 2006 => Scanning File C:\Programme\Canon\Easy-WebPrint\Toolband.dll
Mon Apr 10 13:56:02 2006 => Scanning File C:\Programme\ICQToolbar\toolbaru.dll

Mon Apr 10 13:56:02 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Mon Apr 10 13:56:02 2006 => {7a932ed2-1737-4ab8-b84d-c71779958551} = C:\WINDOWS\system32\hp8D6B.tmp
Mon Apr 10 13:56:02 2006 => ERROR!!! Invalid Entry = C:\WINDOWS\system32\hp8D6B.tmp (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7a932ed2-1737-4ab8-b84d-c71779958551}). No Action Taken.

11.04.2006, 10:10   #4
kv90
 
Mon Apr 10 13:56:02 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Mon Apr 10 13:56:02 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:02 2006 => Scanning File C:\WINDOWS\System32\browseui.dll

Mon Apr 10 13:56:02 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\sendmail.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\sendmail.dll
Mon Apr 10 13:56:04 2006 => Scanning File C:\WINDOWS\System32\occache.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\msieftp.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Mon Apr 10 13:56:05 2006 => Scanning File C:\WINDOWS\msagent\agentpsh.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\dfsshlex.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\photowiz.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\mmcshext.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\cabview.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Mon Apr 10 13:56:06 2006 => Scanning File C:\PROGRA~1\MICROS~2\Office10\OLKFSTUB.DLL
Mon Apr 10 13:56:06 2006 => Scanning File C:\PROGRA~1\MICROS~2\Office10\msohev.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\twext.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\twext.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\System32\extmgr.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\FOTONA~1\camview.dll
Mon Apr 10 13:56:06 2006 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\Real\REALON~1\RPSHEL~1.DLL
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\SIEMEN~1\DES\DESSHE~1.DLL
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\SIEMEN~1\DES\DESSHE~1.DLL
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\SIEMEN~1\DES\DESSHE~1.DLL
Mon Apr 10 13:56:07 2006 => Scanning File C:\Programme\ICQLite\ICQLiteShell.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\Programme\WinRAR\rarext.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\WINDOWS\system32\upnpui.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\WINDOWS\system32\phototoys.dll
Mon Apr 10 13:56:07 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\shlext.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATI.ACE\atiacmxx.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\OPENOF~1.0\program\shlxthdl.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\OPENOF~1.0\program\shlxthdl.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\OPENOF~1.0\program\shlxthdl.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\OPENOF~1.0\program\shlxthdl.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\Ahead\Lib\NERODI~1.DLL
Mon Apr 10 13:56:08 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\Ahead\Lib\NERODI~1.DLL
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\mscoree.dll

Mon Apr 10 13:56:08 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Mon Apr 10 13:56:08 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\Explorer.exe
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\userinit.exe
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\fdeploy.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\dskquota.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\scecli.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\scecli.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\appmgmts.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\crypt32.dll
Mon Apr 10 13:56:08 2006 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\cscdll.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\sclgntfy.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll

Mon Apr 10 13:56:09 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Mon Apr 10 13:56:09 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Mon Apr 10 13:56:09 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Mon Apr 10 13:56:09 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\drwtsn32.exe

Mon Apr 10 13:56:09 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\ntsd.exe

Mon Apr 10 13:56:09 2006 => Scanning HKCU\Control Panel\Desktop

Mon Apr 10 13:56:09 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\ntvdm.exe

Mon Apr 10 13:56:09 2006 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\RunDLL32.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Apr 10 13:56:09 2006 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Mon Apr 10 13:56:10 2006 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Mon Apr 10 13:56:10 2006 => Scanning File C:\WINDOWS\system32\Rundll32.exe

Mon Apr 10 13:56:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Mon Apr 10 13:56:10 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Mon Apr 10 13:56:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run

Mon Apr 10 13:56:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Mon Apr 10 13:56:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Apr 10 13:56:10 2006 => ERROR!!! Invalid Entry routcnf = C:\Programme\DeTeWe\TA 33 USB\routcnf.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Mon Apr 10 13:56:10 2006 => Scanning File C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
Mon Apr 10 13:56:10 2006 => Scanning File C:\Programme\QuickTime\qttask.exe
Mon Apr 10 13:56:10 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\Real\UPDATE~1\REALSC~1.EXE
Mon Apr 10 13:56:10 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Mon Apr 10 13:56:10 2006 => Scanning File C:\WINDOWS\SiSUSBrg.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\issch.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATIHYD~1\HydraDM.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\avgnt.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\WINDOWS\system32\dumprep.exe
Mon Apr 10 13:56:11 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATI.ACE\cli.exe
Mon Apr 10 13:56:12 2006 => Scanning File C:\WINDOWS\system32\NeroCheck.exe
Mon Apr 10 13:56:12 2006 => Scanning File C:\Programme\Java\jre1.5.0_04\bin\jusched.exe

Mon Apr 10 13:56:12 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Apr 10 13:56:12 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Apr 10 13:56:12 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Mon Apr 10 13:56:12 2006 => ERROR!!! Invalid Entry SchedulingAgent = C:\WINDOWS\system32\mstask.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). No Action Taken.

Mon Apr 10 13:56:12 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Mon Apr 10 13:56:12 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Apr 10 13:56:12 2006 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Mon Apr 10 13:56:12 2006 => ERROR!!! Invalid Entry NBJ = "C:\Programme\Ahead\Nero BackItUp\NBJ.exe" (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Mon Apr 10 13:56:12 2006 => Scanning File C:\PROGRA~1\SPYBOT~1\TeaTimer.exe

Mon Apr 10 13:56:12 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Apr 10 13:56:12 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Apr 10 13:56:13 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Mon Apr 10 13:56:13 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Mon Apr 10 13:56:13 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\CTFMON.EXE
Mon Apr 10 13:56:13 2006 => ERROR!!! Invalid Entry MS Unix Binary = msmq2inst.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Mon Apr 10 13:56:13 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Apr 10 13:56:13 2006 => Scanning HKCR\txtfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\comfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\exefile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\dllfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\batfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\piffile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\scrfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\scrfile\shell\config\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\regfile\shell\open\command

Mon Apr 10 13:56:13 2006 => Scanning HKCR\htmlfile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\htafile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\mshta.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\jsfile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\jsefile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\vbsfile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\vbefile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\wshfile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Apr 10 13:56:13 2006 => Scanning HKCR\wsffile\shell\open\command
Mon Apr 10 13:56:13 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

11.04.2006, 10:10   #5
kv90

Mon Apr 10 13:56:14 2006 => ***** Scanning Service Files *****
Mon Apr 10 13:56:14 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\a347bus.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\Drivers\a347scsi.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\ACEDRV05.SYS
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\System32\alg.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\amdk7.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\avmailc.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\sched.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\avguard.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\system32\drivers\aspi32.sys
Mon Apr 10 13:56:14 2006 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\ati2sgag.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ATITool.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\PROGRA~1\ANTIVI~1\avesvc.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\avgntdd.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\drivers\avgntmgr.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\drivers\CDAC11BA.EXE
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\System32\Drivers\CAPI20.SYS
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
Mon Apr 10 13:56:15 2006 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\CDAC15BA.SYS
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\cisvc.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\drivers\detewecp.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\Drivers\dtscsi.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\es1969.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\services.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Mon Apr 10 13:56:16 2006 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\gameenum.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\hcw88aud.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\hcw88bda.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\Drivers\hcw88rc5.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\hcw88tse.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\hcw88tun.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\hcw88vid.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\drivers\HCW88BAR.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Mon Apr 10 13:56:17 2006 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\System32\imapi.exe
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\drivers\InCDFs.sys
Mon Apr 10 13:56:18 2006 => ERROR!!! Invalid Entry system32\drivers\InCDPass.sys in SYSTEM\CurrentControlSet\Services\InCDPass...
Mon Apr 10 13:56:18 2006 => ERROR!!! Invalid Entry system32\drivers\InCDRm.sys in SYSTEM\CurrentControlSet\Services\InCDRm...
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:18 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:18 2006 => Scanning File C:\PROGRA~1\GEMEIN~1\MICROS~1\VS7Debug\mdm.exe
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\MPE.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\System32\msdtc.exe
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\msiexec.exe
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\drivers\MSTEE.sys
Mon Apr 10 13:56:19 2006 => ERROR!!! Invalid Entry \??\C:\DOKUME~1\Kai\LOKALE~1\Temp\musbehco.sys in SYSTEM\CurrentControlSet\Services\musbehco...
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\NdisIP.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Mon Apr 10 13:56:19 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\drivers\pfc.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\services.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\processr.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\System32\drivers\prodrv06.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\drivers\prohlp02.sys
Mon Apr 10 13:56:20 2006 => Scanning File C:\WINDOWS\system32\drivers\prosync1.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\Drivers\RootMdm.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\locator.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\rsvp.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:21 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ser2pl.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sfdrv01.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sfhlp01.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sfhlp02.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sfsync02.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sfvfs02.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\sis7012.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\sisnic.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\SLIP.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\Drivers\sptd.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SSHDRV85.SYS
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\StreamIP.sys
Mon Apr 10 13:56:22 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\Drivers\ulisa.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\wdfmgr.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\ups.exe
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\usbohci.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Mon Apr 10 13:56:23 2006 => Scanning File C:\WINDOWS\System32\vssvc.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\System32\svchost.exe

Mon Apr 10 13:56:24 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD


11.04.2006, 10:12   #6
kv90

Mon Apr 10 13:56:24 2006 => ***** Scanning Important System Files *****
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\winsock.dll
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\wsdu.log
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\ws2help.dll
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\ws2_32.dll
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\wscntfy.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\wscript.exe
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\wscsvc.dll
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\wscui.cpl
Mon Apr 10 13:56:24 2006 => Scanning File C:\WINDOWS\system32\wsecedit.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wsfaxmon.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshatm.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshbth.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshcon.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshde.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshext.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wship6.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshisn.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshnetbs.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshom.ocx
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshrm.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wshtcpip.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wsnmp32.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wsock32.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wstdecod.dll
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wstpager.ax
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\wstrenderer.ax
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\system32\PowerToyReadme.htm
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\explorer.exe
Mon Apr 10 13:56:25 2006 => Scanning File C:\WINDOWS\explorer.scf
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\browseui.dll
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\notepad.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\notepad.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\cmd.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\kernel32.dll
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\ntoskrnl.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\ntkrnlpa.exe
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\HAL.DLL
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\win32k.sys
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\ntdll.dll
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\advapi32.dll
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\user32.dll
Mon Apr 10 13:56:26 2006 => Scanning File C:\WINDOWS\system32\gdi32.dll
Mon Apr 10 13:56:27 2006 => Scanning File C:\WINDOWS\system32\bootvid.dll
Mon Apr 10 13:56:27 2006 => Scanning File C:\WINDOWS\system32\command.com

Mon Apr 10 13:56:27 2006 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Apr 10 13:56:27 2006 => Loading Spyware Signatures from new External Database (Size: 154683).
Mon Apr 10 13:56:28 2006 => Indexed Spyware Databases Successfully Created...

Mon Apr 10 13:56:34 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Mon Apr 10 13:56:36 2006 => Offending Key found: HKLM\Software\kazaa !!!
Mon Apr 10 13:56:36 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 10 13:56:36 2006 => Offending Key found: HKCU\Software\kazaa !!!
Mon Apr 10 13:56:36 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 10 13:56:37 2006 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Mon Apr 10 13:56:37 2006 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.

Mon Apr 10 13:56:37 2006 => Offending file found: C:\WINDOWS\system32\plugin.dll
Mon Apr 10 13:56:37 2006 => System found infected with 007guard.com hijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.

Mon Apr 10 13:56:40 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Desktop\internet.lnk
Mon Apr 10 13:56:40 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Mon Apr 10 13:56:40 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\msagent.exe
Mon Apr 10 13:56:40 2006 => System found infected with bonzibuddy Spyware/Adware (msagent.exe)! Action taken: No Action Taken.

Mon Apr 10 13:56:40 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\spchapi.exe
Mon Apr 10 13:56:40 2006 => System found infected with bonzibuddy Spyware/Adware (spchapi.exe)! Action taken: No Action Taken.

Mon Apr 10 13:56:40 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\tv_enua.exe
Mon Apr 10 13:56:40 2006 => System found infected with bonzibuddy Spyware/Adware (tv_enua.exe)! Action taken: No Action Taken.

Mon Apr 10 13:56:40 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\autos
Mon Apr 10 13:56:40 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 10 13:56:41 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\rct3\autos
Mon Apr 10 13:56:41 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 10 13:56:42 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\autos
Mon Apr 10 13:56:42 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Apr 10 13:56:42 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\rct3\autos
Mon Apr 10 13:56:42 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.


Mon Apr 10 13:56:51 2006 => ***** Scanning All Drives *****
Mon Apr 10 13:56:51 2006 => Scanning C:\ Drive
Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\*.*
Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\!KillBox\*.*
Mon Apr 10 13:56:51 2006 => Scanning File C:\!KillBox\dfrgsrv.exe
Mon Apr 10 13:56:51 2006 => File C:\!KillBox\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.jm" Virus! Action Taken: No Action Taken.

Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\!KillBox\Logs\*.*
Mon Apr 10 13:56:51 2006 => Scanning File C:\!KillBox\Logs\kb.log
Mon Apr 10 13:56:51 2006 => Scanning File C:\!KillBox\ncompat.tlb
Mon Apr 10 13:56:51 2006 => Scanning File C:\!KillBox\ncompat.tlb( 1)
Mon Apr 10 13:56:51 2006 => Scanning File C:\!KillBox\ncompat.tlb( 2)
Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\ATI\*.*
Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\ATI\SUPPORT\*.*
Mon Apr 10 13:56:51 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\*.*
Mon Apr 10 13:56:51 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\AtiCim.bin
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\AtiCimUn.exe
Mon Apr 10 13:56:52 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\*.*
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\aticd64a.sys
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\aticds10.dll
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\AtiCIM.dll
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.dat
Mon Apr 10 13:56:52 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.dll
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.exe
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.ini
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.msi
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.sys
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atiicdxx.vxd
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atricd6a.dft
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atricd6a.enu
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atricdxx.dft
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\atricdxx.enu
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\EnumDev.exe
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\OEMInstall.bmp
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\BIN\UpdatPnP.exe
Mon Apr 10 13:56:53 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CheckVer.exe
Mon Apr 10 13:56:54 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\*.*
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\27256_XP.REG
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\CPanel.dat
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\CPANEL.dll
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\CP_XP.REG
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\data1.cab
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\data1.hdr
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\data2.cab
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\FGL_32.REG
Mon Apr 10 13:56:54 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\ikernel.ex_
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\INSTALL.INI
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\layout.bin
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\Setup.exe
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\Setup.ini
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\setup.inx
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\setup.iss
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\CPanel\shortcut.iss
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\data1.cab
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\data1.hdr
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\data2.cab
Mon Apr 10 13:56:55 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\*.*
Mon Apr 10 13:56:55 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\*.*
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\atiiseag.ini
Mon Apr 10 13:56:55 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\*.*
Mon Apr 10 13:56:55 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2cqag.dl_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2dvag.dl_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2edxx.dl_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2erec.dl_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2evxx.dl_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2evxx.ex_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2mdxx.ex_
Mon Apr 10 13:56:56 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati2mtag.sy_
Mon Apr 10 13:56:57 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ati3duag.dl_
Mon Apr 10 13:56:57 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atiddc.dl_
Mon Apr 10 13:56:57 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atidemgr.dl_
Mon Apr 10 13:56:58 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atifglpf.xml
Mon Apr 10 13:56:58 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atiicdxx.dat
Mon Apr 10 13:56:58 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atiiiexx.dll
Mon Apr 10 13:56:58 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atikvmag.dl_
Mon Apr 10 13:56:58 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atioglx1.dl_
Mon Apr 10 13:56:59 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atioglxx.dl_
Mon Apr 10 13:57:00 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atipdlxx.dl_
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\atitvo32.dl_
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativcaxx.cpa
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativcaxx.vp
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativckxx.vp
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativcoxx.dl_
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativvaxx.dl_
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\ativvpxx.vp
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\B_27132\oemdspif.dl_
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\C2_27256.inf
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\CX_27256.cat
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\2KXP_INF\CX_27256.inf
Mon Apr 10 13:57:01 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\C2_27256.INI
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\CX_27256.INI
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\data1.cab
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\data1.hdr
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\data2.cab
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\Driver.dat
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\Driver.DLL
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\ikernel.ex_
Mon Apr 10 13:57:02 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\INSTALL.INI
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\layout.bin
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\Setup.exe
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\Setup.ini
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\setup.inx
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\setup.iss
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Driver\_setup.bmp
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\DrvUI64A.exe
Mon Apr 10 13:57:03 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\ikernel.ex_
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\install.ini
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\issetup.exe
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\layout.bin
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\makensisw.exe
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\psapi.dll
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Setup.exe
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\Setup.ini
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\setup.inx
Mon Apr 10 13:57:04 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\*.*
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\data1.cab
Mon Apr 10 13:57:04 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\data1.hdr
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\data2.cab
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\ikernel.ex_
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\install.ini
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\layout.bin
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\Setup.exe
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\Setup.ini
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\setup.inx
Mon Apr 10 13:57:05 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_ALL.dat
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_ALL.dll
Mon Apr 10 13:57:06 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\*.*
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\WDM_NSP.ini
Mon Apr 10 13:57:06 2006 => Scanning Folder: C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\*.*
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinbtxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinesxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atineuxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinevxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinmdxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinpdxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinraxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinsnxx.SYS
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinspxp.cat
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinspxp.inf
Mon Apr 10 13:57:06 2006 => Scanning File C:\ATI\SUPPORT\5-10_xp-2k_dd_cp_wdm_27256\WDM_ALL\WDM_NSP\XP\atinttxx.SYS

11.04.2006, 10:13   #7
kv90

Mon Apr 10 13:58:12 2006 => Please Wait Exiting Application...
Mon Apr 10 13:58:42 2006 => Scanning F:\ Drive
Mon Apr 10 13:58:43 2006 => Requesting CancelScan...
Mon Apr 10 13:58:43 2006 => Unable to Cancel Scan Successfully!!!
Mon Apr 10 13:58:43 2006 => Scan Cancelled by User

Mon Apr 10 13:58:43 2006 => Total Objects Scanned: 12272
Mon Apr 10 13:58:43 2006 => Total Critical Objects: 14
Mon Apr 10 13:58:43 2006 => Total Disinfected Objects: 0
Mon Apr 10 13:58:43 2006 => Total Objects Renamed: 0
Mon Apr 10 13:58:43 2006 => Total Deleted Objects: 0
Mon Apr 10 13:58:43 2006 => Total Errors: 8
Mon Apr 10 13:58:43 2006 => Time Elapsed: 00:03:00

Mon Apr 10 13:58:44 2006 => ***** Scanning complete. *****
Mon Apr 10 13:58:44 2006 => Virus Database Date: 4/6/2006
Mon Apr 10 13:58:44 2006 => Virus Database Count: 186553

Mon Apr 10 13:58:44 2006 => Scan Completed.

Mon Apr 10 13:58:51 2006 => Virus Database Date: 4/6/2006
Mon Apr 10 13:58:51 2006 => Virus Database Count: 186553
Mon Apr 10 13:58:55 2006 => AV Library Unloaded (3)...
Tue Apr 11 10:52:26 2006 => **********************************************************
Tue Apr 11 10:52:26 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue Apr 11 10:52:26 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue Apr 11 10:52:26 2006 => **********************************************************
Tue Apr 11 10:52:26 2006 => Version 8.2.2 (C:\Dokumente und Einstellungen\Kai\Lokale Einstellungen\Temp\mwavscan.com)
Tue Apr 11 10:52:26 2006 => Log File: C:\DOKUME~1\Kai\LOKALE~1\Temp\MWAV.LOG
Tue Apr 11 10:52:26 2006 => Last Scan Date and Time: 10.04.2006 13:55:41
Tue Apr 11 10:52:26 2006 => MWAV Registered: FALSE.
Tue Apr 11 10:52:26 2006 => OS Type: Windows Workstation
Tue Apr 11 10:52:26 2006 => Local Fixed Drives: c:\,f:\,z:\
Tue Apr 11 10:52:26 2006 => MWAV Mode: Only Scan files.
Tue Apr 11 10:52:31 2006 => Latest Date of files inside MWAV: 06 Apr 2006 15:08:30.


HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:50:11, on 11.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Reader\reader_sl.exe
C:\Programme\WinTV\Ir.exe
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marktplatz.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von osnatel
O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp8D6B.tmp (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [routcnf] C:\Programme\DeTeWe\TA 33 USB\routcnf.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.marktplatz.de
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: AntiVir Mail Security Service (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Engine Service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE


smitfiles.txt:

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

Running from
C:\Dokumente und Einstellungen\Kai\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb
nvctrl.exe
hp***.tmp
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 856 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN!

11.04.2006, 10:24   #8
stupormundi

Hi!
Quote:
Mon Apr 10 13:58:43 2006 => Unable to Cancel Scan Successfully!!!
Mon Apr 10 13:58:43 2006 => Scan Cancelled by User

Mon Apr 10 13:58:43 2006 => Total Objects Scanned: 12272
Mon Apr 10 13:58:43 2006 => Total Critical Objects: 14
Mon Apr 10 13:58:43 2006 => Total Disinfected Objects: 0
Mon Apr 10 13:58:43 2006 => Total Objects Renamed: 0
Mon Apr 10 13:58:43 2006 => Total Deleted Objects: 0
Mon Apr 10 13:58:43 2006 => Total Errors: 8
Mon Apr 10 13:58:43 2006 => Time Elapsed: 00:03:00
No patience for eScan and for reading its instructions?
Please let eScan run to completion as described in the instructions, and above all post the findings as described at the very bottom of the instructions - not the whole log file!

Also, the logs from datfind.bat are still missing (files from the last 2-3 months are enough)!

stupormundi
__________________
Searching for hidden files: very good guide by Rene-gad:
IMPORTANT: Edit all active links (http-->h**p) and remove personal information from the log files
No support via PM - sorry!

12.04.2006, 21:59   #9
kv90

Hi back!
Now I have let it run all the way through, and this is what came out:

eScan:
Tue Apr 11 21:03:20 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Tue Apr 11 21:03:22 2006 => Offending Key found: HKLM\Software\kazaa !!!
Tue Apr 11 21:03:22 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:22 2006 => Offending Key found: HKCU\Software\kazaa !!!
Tue Apr 11 21:03:22 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:23 2006 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Tue Apr 11 21:03:23 2006 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.

Tue Apr 11 21:03:23 2006 => Offending file found: C:\WINDOWS\system32\plugin.dll
Tue Apr 11 21:03:23 2006 => System found infected with 007guard.com hijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.

Tue Apr 11 21:03:27 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Desktop\internet.lnk
Tue Apr 11 21:03:27 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Tue Apr 11 21:03:28 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\msagent.exe
Tue Apr 11 21:03:28 2006 => System found infected with bonzibuddy Spyware/Adware (msagent.exe)! Action taken: No Action Taken.

Tue Apr 11 21:03:28 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\spchapi.exe
Tue Apr 11 21:03:28 2006 => System found infected with bonzibuddy Spyware/Adware (spchapi.exe)! Action taken: No Action Taken.

Tue Apr 11 21:03:28 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\tv_enua.exe
Tue Apr 11 21:03:28 2006 => System found infected with bonzibuddy Spyware/Adware (tv_enua.exe)! Action taken: No Action Taken.

Tue Apr 11 21:03:29 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\autos
Tue Apr 11 21:03:29 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:29 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\rct3\autos
Tue Apr 11 21:03:29 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:31 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\autos
Tue Apr 11 21:03:31 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:31 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\rct3\autos
Tue Apr 11 21:03:31 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:39 2006 => File C:\!KillBox\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.jm" Virus! Action Taken: No Action Taken.

Tue Apr 11 21:40:26 2006 => File C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Downloads\crdwb5-a.exe infected by "Trojan-Downloader.Win32.Adload.q" Virus! Action Taken: No Action Taken.

Wed Apr 12 11:28:54 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: No Action Taken.
Wed Apr 12 11:28:56 2006 => Offending Key found: HKLM\Software\kazaa !!!
Wed Apr 12 11:28:56 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:28:56 2006 => Offending Key found: HKCU\Software\kazaa !!!
Wed Apr 12 11:28:56 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:28:58 2006 => Offending file found: C:\WINDOWS\system32\objsafe.tlb
Wed Apr 12 11:28:58 2006 => System found infected with roings Spyware/Adware (objsafe.tlb)! Action taken: No Action Taken.

Wed Apr 12 11:28:58 2006 => Offending file found: C:\WINDOWS\system32\plugin.dll
Wed Apr 12 11:28:58 2006 => System found infected with 007guard.com hijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.

Wed Apr 12 11:29:01 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Desktop\internet.lnk
Wed Apr 12 11:29:01 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Wed Apr 12 11:29:01 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\msagent.exe
Wed Apr 12 11:29:01 2006 => System found infected with bonzibuddy Spyware/Adware (msagent.exe)! Action taken: No Action Taken.

Wed Apr 12 11:29:01 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\spchapi.exe
Wed Apr 12 11:29:01 2006 => System found infected with bonzibuddy Spyware/Adware (spchapi.exe)! Action taken: No Action Taken.

Wed Apr 12 11:29:02 2006 => Offending file found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\downloads\tv_enua.exe
Wed Apr 12 11:29:02 2006 => System found infected with bonzibuddy Spyware/Adware (tv_enua.exe)! Action taken: No Action Taken.

Wed Apr 12 11:29:02 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\autos
Wed Apr 12 11:29:02 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:29:02 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\eigene bilder\rct3\autos
Wed Apr 12 11:29:02 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:29:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\autos
Wed Apr 12 11:29:04 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:29:04 2006 => Offending Folder found: C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Eigene Bilder\rct3\autos
Wed Apr 12 11:29:04 2006 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken.

Wed Apr 12 11:29:12 2006 => File C:\!KillBox\dfrgsrv.exe infected by "Trojan-Downloader.Win32.Zlob.jm" Virus! Action Taken: No Action Taken.

Wed Apr 12 11:51:49 2006 => File C:\Dokumente und Einstellungen\Kai\Eigene Dateien\Downloads\crdwb5-a.exe infected by "Trojan-Downloader.Win32.Adload.q" Virus! Action Taken: No Action Taken.

Wed Apr 12 14:07:58 2006 => File C:\WINDOWS\system32\unst.exe infected by "Trojan-Clicker.Win32.Small.iz" Virus! Action Taken: No Action Taken.

datfind.bat:
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: F8AD-4C14

Verzeichnis von C:\DOKUME~1\Kai\LOKALE~1\Temp

12.04.2006 22:40 16.384 Perflib_Perfdata_a74.dat
12.04.2006 22:40 16.384 Perflib_Perfdata_a84.dat
12.04.2006 22:40 16.384 Perflib_Perfdata_664.dat
12.04.2006 22:39 1.020 jusched.log
12.04.2006 16:48 0 TempCover2
12.04.2006 14:09 25.026.457 MWAV.LOG
12.04.2006 14:09 5.568 mwXface.log
11.04.2006 11:52 72.192 ~e5.0001
10.04.2006 13:55 241.664 MYDB.DLL
06.04.2006 18:04 6.389 smart.avc
06.04.2006 18:04 13.720 avp.klb
06.04.2006 18:04 3.726 krn003.avc
06.04.2006 18:04 38.647 krn002.avc
06.04.2006 18:04 1.708 daily-ex.avc
06.04.2006 18:04 39.098 daily.avc
06.04.2006 15:58 132.372 Spyware.sdb
06.04.2006 15:58 611.693 Cid.sdb
06.04.2006 15:58 154.683 spydb.old
06.04.2006 15:58 1.721.835 File1.sdb
06.04.2006 15:58 120.924 File2.sdb
06.04.2006 15:58 154.683 spydb.avs
06.04.2006 15:58 388.194 Dir.sdb
06.04.2006 14:15 81.300 virus016.avc
06.04.2006 14:15 16.842 unp000.avc
06.04.2006 14:15 54.519 unp003.avc
06.04.2006 14:15 60.982 unp015.avc
06.04.2006 14:15 49.976 troj015.avc
06.04.2006 14:15 49.887 base092.avc
06.04.2006 14:15 63.303 base007.avc
06.04.2006 14:15 48.781 base091.avc
06.04.2006 12:47 380.480 mexe.com
06.04.2006 12:47 380.480 mwavscan.com
05.04.2006 17:50 344.064 esupdate.exe
05.04.2006 13:15 122.880 msvlclnt.dll
05.04.2006 13:13 42.048 Getvlist.exe
03.04.2006 17:32 50.380 unp032.avc
03.04.2006 17:32 2.634 unp033.avc
03.04.2006 17:32 27.893 ext006.avc
03.04.2006 17:32 23.403 fa.avc
03.04.2006 17:32 49.964 base093.avc
03.04.2006 17:32 69.796 ca.avc
03.04.2006 17:32 36.742 base094.avc
03.04.2006 17:32 1.883 avp.set
01.04.2006 18:04 50.031 base075.avc
31.03.2006 17:03 29.097 unp021.avc
31.03.2006 17:03 55.442 unp011.avc
31.03.2006 17:03 27.828 unp004.avc
31.03.2006 17:03 113.003 krnexe32.avc
31.03.2006 17:03 48.562 base005.avc
31.03.2006 17:03 48.969 base080.avc
29.03.2006 18:47 340.992 MWAVReg.EXE
28.03.2006 12:57 47.543 unp027.avc
28.03.2006 12:57 13.947 ext999.avc
28.03.2006 12:57 47.688 ext004.avc
28.03.2006 12:57 49.671 base062.avc
24.03.2006 18:48 49.705 French.Age
24.03.2006 17:02 50.742 unp001.avc
24.03.2006 17:02 99.881 troj009.avc
24.03.2006 17:02 48.536 base090.avc
23.03.2006 16:28 29.489 krnengn.avc
23.03.2006 16:28 69.617 krn001.avc
22.03.2006 17:53 69.262 unp016.avc
22.03.2006 17:53 68.940 unp010.avc
22.03.2006 17:53 49.880 base087.avc
22.03.2006 17:53 49.905 base074.avc
21.03.2006 11:42 73.516 unp002.avc
21.03.2006 11:42 95.932 krnmacro.avc
21.03.2006 11:42 50.638 base081.avc
20.03.2006 15:14 45.570 unp031.avc
20.03.2006 15:14 20.613 unp029.avc
20.03.2006 15:14 44.873 unp028.avc
20.03.2006 15:14 71.551 unp023.avc
20.03.2006 15:14 48.001 ext002.avc
20.03.2006 15:14 49.734 ext005.avc
20.03.2006 15:14 49.815 base084.avc
17.03.2006 13:24 50.167 worm001.avc
17.03.2006 13:24 36.102 unp012.avc
17.03.2006 13:24 101.219 troj001.avc
17.03.2006 13:24 50.143 base073.avc
16.03.2006 15:38 99.226 krnunp.avc
14.03.2006 10:41 50.080 troj013.avc
14.03.2006 10:41 27.514 gen004.avc
14.03.2006 10:41 49.619 base088.avc
14.03.2006 10:41 49.907 base082.avc
14.03.2006 10:41 50.471 base078.avc
14.03.2006 10:41 50.158 base079.avc
10.03.2006 12:29 109.249 troj003.avc
10.03.2006 12:29 49.934 base089.avc
09.03.2006 16:42 5.610 German.dow
07.03.2006 18:43 35.138 Chinese.Age
07.03.2006 16:23 80.080 unp019.avc
07.03.2006 16:23 49.083 ext001.avc
07.03.2006 16:23 49.436 base086.avc
07.03.2006 16:23 48.305 base006.avc
03.03.2006 15:55 5.854 French.dow
03.03.2006 15:55 11.566 French.con
02.03.2006 16:46 98.816 MWAVL.exe
02.03.2006 16:21 48.230 unp026.avc
02.03.2006 16:21 43.794 gen999.avc
02.03.2006 16:21 47.905 ext003.avc
02.03.2006 16:21 49.485 base085.avc
02.03.2006 16:21 49.935 base069.avc
02.03.2006 16:21 50.049 base070.avc
02.03.2006 16:21 49.636 base067.avc
02.03.2006 16:21 49.880 base068.avc
02.03.2006 16:21 50.059 base066.avc
02.03.2006 16:21 50.085 base065.avc
02.03.2006 16:21 49.832 base063.avc
02.03.2006 16:21 49.932 base064.avc
02.03.2006 16:21 34.695 base061.avc
24.02.2006 15:44 38.898 unp020.avc
24.02.2006 15:44 44.684 unp018.avc
24.02.2006 15:44 49.291 base076.avc
24.02.2006 12:20 47.563 Portuguese.Age
21.02.2006 14:09 75.918 virus015.avc
20.02.2006 12:56 52.133 unp009.avc
20.02.2006 12:56 49.781 base083.avc
16.02.2006 19:10 4.059 Chinese.dow
16.02.2006 19:07 7.695 Chinese.con
16.02.2006 16:31 33.069 unp017.avc
13.02.2006 18:29 45.122 Finnish.Age
13.02.2006 18:29 48.199 Polish.Age
13.02.2006 18:29 48.447 Spanish.Age
13.02.2006 18:29 48.186 Spanishl.Age
13.02.2006 18:29 44.063 Romanian.Age
13.02.2006 18:29 55.671 Italian.Age
13.02.2006 18:29 58.170 German.Age
13.02.2006 18:24 36.548 virus020.avc
13.02.2006 18:03 42.421 English.Age
13.02.2006 18:03 42.421 language.ini
12.02.2006 20:09 13.929 kernel.avc
12.02.2006 20:09 47.120 gen002.avc
08.02.2006 19:09 78.450 virus011.avc
08.02.2006 19:09 74.132 virus007.avc
03.02.2006 17:26 49.490 base077.avc
01.02.2006 23:23 4.438 Chinese.lic
27.01.2006 15:14 101.713 troj005.avc
27.01.2006 15:14 50.834 troj014.avc
27.01.2006 15:14 32.771 krnexe.avc
24.01.2006 13:58 61.965 unp014.avc
22.01.2006 17:48 50.019 base071.avc
19.01.2006 18:16 51.739 worm003.avc
19.01.2006 18:16 50.070 base072.avc
18.01.2006 18:03 57.806 unp013.avc
18.01.2006 11:43 6.025 Polish.dow
17.01.2006 12:32 5.392 Finnish.dow
17.01.2006 12:32 5.852 Spanish.dow
17.01.2006 12:32 5.839 Spanishl.dow
17.01.2006 12:32 5.457 Romanian.dow
17.01.2006 12:32 5.796 Portuguese.dow
17.01.2006 12:32 5.479 Italian.dow
17.01.2006 11:16 491.520 Download.exe
17.01.2006 11:07 5.194 English.dow
17.01.2006 11:07 5.194 Download.lan
16.01.2006 17:55 55.162 unp030.avc
16.01.2006 17:55 48.234 unp025.avc
13.01.2006 16:33 13.830 German.con
05.01.2006 15:12 236.544 mwavl.old
03.01.2006 01:38 2.711 mwav.ini
02.01.2006 14:48 10.559 Finnish.con
02.01.2006 14:48 11.729 Polish.con
02.01.2006 14:48 10.866 Spanish.con
02.01.2006 14:48 10.884 Spanishl.con
02.01.2006 14:48 10.528 Romanian.con
02.01.2006 14:48 11.380 Portuguese.con
02.01.2006 14:48 10.015 Italian.con
01.01.2006 18:51 10.181 English.con
01.01.2006 18:51 10.181 config.lan
01.01.2006 17:40 77.379 virus012.avc
01.01.2006 17:40 61.884 unp005.avc
01.01.2006 17:40 50.197 troj020.avc
01.01.2006 17:40 56.594 troj022.avc
01.01.2006 17:40 14.254 mail.avc

P.S. I don't understand Killbox. Somehow I can only ever delete one file, even when I select the option that it should delete multiple files.
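
Added example, not part of the original thread: a Python filter that reduces an eScan log to the findings the helper asks for and collapses the repeats that appear when the log covers several scan runs. The sample lines are constructed in the line format quoted in this thread; the function names and placeholder paths are assumptions.

```python
from dataclasses import dataclass
import re

# Constructed sample in the "<timestamp> => <message>" layout of the eScan
# (MWAV.LOG) lines quoted in this thread; names and paths are placeholders.
SAMPLE_LOG = r"""
Tue Apr 11 21:03:19 2006 => Scanning File C:\Example\driver.sys
Tue Apr 11 21:03:20 2006 => System found infected with example.hijack Browser Hijacker ({00000000-0000-0000-0000-000000000000})! Action taken: No Action Taken.
Tue Apr 11 21:03:22 2006 => Offending Key found: HKLM\Software\ExampleAdware !!!
Tue Apr 11 21:03:22 2006 => Object "exampleadware Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:23 2006 => Offending file found: C:\Example\plugin.dll
Tue Apr 11 21:03:23 2006 => System found infected with examplehijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.

Tue Apr 11 21:03:29 2006 => Offending Folder found: C:\Example\pictures\autos
Tue Apr 11 21:03:29 2006 => Object "examplebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:31 2006 => Offending Folder found: C:\Example\Pictures\autos
Tue Apr 11 21:03:31 2006 => Object "examplebar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Apr 11 21:03:39 2006 => File C:\Example\dropper.exe infected by "Trojan-Downloader.Win32.Example.a" Virus! Action Taken: No Action Taken.

Wed Apr 12 11:28:58 2006 => Offending file found: C:\Example\plugin.dll
Wed Apr 12 11:28:58 2006 => System found infected with examplehijacker Spyware/Adware (plugin.dll)! Action taken: No Action Taken.

Wed Apr 12 11:29:12 2006 => File C:\Example\dropper.exe infected by "Trojan-Downloader.Win32.Example.a" Virus! Action Taken: No Action Taken.
Wed Apr 12 11:29:13 2006 => Total Objects Scanned: 12272
"""

# An "Offending file/Folder/Key found:" line names the object; the detection
# itself follows on the next log line.
LOCATION = re.compile(
    r"^Offending (?:file|folder|key) found: (?P<loc>.+?)(?: !!!)?$", re.I)
INFECTED_FILE = re.compile(
    r'^File (?P<loc>.+) infected by "(?P<name>[^"]+)" Virus! '
    r"Action Taken: (?P<action>.+?)\.?$", re.I)
SYSTEM = re.compile(
    r"^System found infected with (?P<name>.+) \((?P<item>[^()]*)\)! "
    r"Action taken: (?P<action>.+?)\.?$", re.I)
OBJECT = re.compile(
    r'^Object "(?P<name>[^"]+)" found in File System! '
    r"Action Taken: (?P<action>.+?)\.?$", re.I)


@dataclass
class Finding:
    name: str
    location: str
    action: str
    first_seen: str
    hits: int = 1


def extract_findings(log_text):
    """Return the unique detections in a log, in order of first appearance."""
    findings = {}
    pending = None  # location taken from the preceding "Offending ..." line
    for raw in log_text.splitlines():
        stamp, sep, msg = raw.partition(" => ")
        if not sep:
            continue  # blank line or text that is not a log record
        msg = msg.strip()
        loc = LOCATION.match(msg)
        if loc:
            pending = loc.group("loc")
            continue
        name = location = None
        m = INFECTED_FILE.match(msg)
        if m:
            name, location = m.group("name"), m.group("loc")
        else:
            m = SYSTEM.match(msg)
            if m:
                # Without a preceding location line, fall back to the item
                # in parentheses (a CLSID or file name).
                name, location = m.group("name"), pending or m.group("item")
            else:
                m = OBJECT.match(msg)
                if m:
                    name = m.group("name")
                    location = pending or "(location not logged)"
        pending = None
        if not m:
            continue  # progress, banner and summary lines
        # Windows paths and registry keys are case-insensitive, so the same
        # object logged with different casing counts as one finding.
        key = (name.lower(), location.lower())
        if key in findings:
            findings[key].hits += 1
        else:
            findings[key] = Finding(name, location, m.group("action"),
                                    stamp.strip())
    return list(findings.values())


def format_report(findings):
    """One line per unique finding, short enough to paste into a forum post."""
    return [f"[{f.hits}x] {f.name} | {f.location} | {f.action} | "
            f"first seen {f.first_seen}" for f in findings]


if __name__ == "__main__":
    print("\n".join(format_report(extract_findings(SAMPLE_LOG))))
```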
