HILFE!!!! Kann keinen neuen Benutzer "installieren" - hab ich ein virus ????
 

Logfile of HijackThis v1.99.1
Scan saved at 22:55:08, on 13.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\Dit.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\CNYHKey.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\vmmymutl.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Skype\Phone\Skype.exe
C:\Programme\MSI\Bluetooth Software\BTTray.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\PROGRA~1\GEMEIN~1\WinTools\WSup.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\WINDOWS\system32\WISPTIS.EXE
D:\Programme\Opera7\Opera.exe
C:\Programme\Trillian\trillian.exe
C:\Programme\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\****\Desktop\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w*w.websearch.com/ie.aspx?tb_id=50181
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://w*w.websearch.com/ie.aspx?tb_id=50181
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w*w.couldnotfind.com/search_page.html?&account_id=63580
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w*w.websearch.com/ie.aspx?tb_id=50181
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ***.***.**.**:**
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: F1 Organizer Class - {00000EF1-0786-4633-87C6-1AA7A44296DA} - C:\WINDOWS\System32\ATPART~1.DLL (file missing)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [iniicl] C:\WINDOWS\system32\vmmymutl.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] "C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Trillian.lnk = C:\Programme\Trillian\trillian.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Alles mit FlashGet laden - D:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programme\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {07E3F115-C445-480D-94CB-ECA914A353CE} - http://w*w.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://´*ww.aldi.com
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - h**p://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - h**p://software-dl.real.com/04a30f04300bfbf27206/netzip/RdxIE601_de.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - h**p://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - h**p://download.websearch.com/Dnl/T_50181/QDow_AS2.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} - h**p://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://webcams.mtu.edu/webcam6/AxisCamControl.ocx
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - **tp://asp01.photoprintit.de/microsite/1119/defaults/activex/ImageUploader3.cab
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://w*w.xxxtoolbar.com/ist/softwares/v3.0/0006.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://w*w.real-euros.com/EPlugin.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - h**p://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\sysdll.reg
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\sysdll.reg
O18 - Filter: text/html - {BB9CAFC6-B1F5-48A0-B603-E30B1F11D87C} - C:\Dokumente und Einstellungen\Robert\Lokale Einstellungen\Anwendungsdaten\microsoft\internet explorer\V0.34.dat
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: MSTCS - Unknown owner - C:\WINDOWS\pchealth\Service.exe
O23 - Service: TskHlp - Unknown owner - C:\WINDOWS\pchealth\taskmgr.exe (file missing)
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



danke schonmal im vorraus

mein pc ist zur zeit auch verdammt langsam :koch: ! weiss nciht woran das liegt! danke junxs
:heulen:

Gehe wie folgt vor:

Start-->Ausführen-->services.msc eingeben

Suche folgende Einträge:

MSTCS - Unknown owner
TskHlp - Unknown owner

Auf jeden dieser Einträge doppelklicken, dann das Button Beenden drücken und den Starttyp auf deaktiviert stellen.

Nun überprüfst du bitte folgende Dateien,dazu einfach den Pfadnamen in das entsprechende Feld kopieren:

C:\WINDOWS\pchealth\Service.exe
C:\WINDOWS\pchealth\taskmgr.exe

unter folgender Adresse:

http://virusscan.jotti.org/de/

und teilst uns das vollständige Ergebnis mit.

danke für die schnelle hilfe!



Datei: Service.exe
Status:
INFIZIERT/MALWARE (Anmerkung: diese Datei wurde bereits vorher gescannt. Die Scanergebnisse werden daher nicht in der Datenbank gespeichert.)
Entdeckte Packprogramme:
-

AntiVir
Keine Viren gefunden
ArcaVir
Keine Viren gefunden
Avast
Keine Viren gefunden
AVG Antivirus
Keine Viren gefunden
BitDefender
Trojan.Runas.C gefunden
ClamAV
Keine Viren gefunden
Dr.Web
Trojan.Runas gefunden
F-Prot Antivirus
Keine Viren gefunden
Fortinet
Spy/G6Service.A gefunden
Kaspersky Anti-Virus
Keine Viren gefunden
NOD32
Keine Viren gefunden
Norman Virus Control
Keine Viren gefunden
UNA
Keine Viren gefunden
VBA32
Trojan.Runas gefunden


Zuletzt gefundene Malware war file.pt, gefunden von:


Scanner Name der Malware
AntiVir X
ArcaVir X
Avast X
AVG Antivirus Dropper.Small.24.P
BitDefender BehavesLike:Win32.ExplorerHijack
ClamAV X
Dr.Web DLOADER.Trojan
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 a variant of Win32/TrojanDownloader.Zlob.G
Norman Virus Control X
UNA X
VBA32 Trojan.Dropper.Small.4






bei C:\WINDOWS\pchealth\taskmgr.exe kommt das:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file



ich hoffe das hilft dir weiter.

danke

Versuch mal letzgenannte Datei zu packen (z.B. mit Winrar) und lade das Archiv hier hoch:

http://www.kaspersky.com/de/scanforvirus

auch noch bei jotti versuchen.

Sollte das alles keinen Erfolg haben, lade die datei hier hoch, ggf. gepackt:

http://www.malwareupload.com/index.php

hmm ich würde das ja gerne machen, aber ich finde das file nicht in diesem ordner!!!!

habe mal mit der suche nach taskmgr.exe gesucht und folgendes bekommen:

C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe
C:\WINDOWS\Prefetch
C:\WINDOWS\system32
C:\WINDOWS\ServicePackFiles\i386

aber in deinem ordner ist keine exe drin nur .cat .cat .cat~ .dll .drv

so long

In den Ordnern ist auch die reuläre datei drin, dass ist normal.
Mach folgendes:

Windows explorer aufrufen, Extras-->Ordneroptionen

Jetzt Haken wegnehmen bei:

Geschützte Systemdateien ausblenden(empfohlen)

und folgendes aktivieren

Alle dateien und Ordner anzeigen

jetzt solltest du das File finden.

hab es so gemacht, aber sorry muss dich leider enttäuschen. da is nix mit taskmgr.exe :(((

was alles so drin ist:

Ordner:

ErrorRep
HelpCtr
UploadHB
UploadLB

Dateien:

cygcrypt-0.dll cygwin1.dll Service.exe system.exe taskmanager.ocx taskmgr.cat taskmgr.cat~ taskmgr.dll taskmgr.drv taskmgrdll.cat tskmgr.cat



so long

danke für die hilfe

leider kann ich nciht editieren, hmm ka warum!

also ich bin nochmals alles durchgegangen, doch leider finde ich diese shit datei nicht!

weiss da jemand rat?

so long

Dann check mal dein System mit Escan gegen:

http://www.trojaner-board.de/showthread.php?t=17492

Teile uns die Ergebnisse mit

ist ein bissl viel :P :(
ist zu groß fürs anhängen!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 14:21:45 2005 => System found infected with bargainbuddy Spyware/Adware ({9388907f-82f5-434d-a941-bb802c6dd7c1})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with Binet Spyware/Adware ({4534cd6b-59d6-43fd-864b-06a0d843444a})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with Binet Spyware/Adware ({690bccb4-6b83-4203-ae77-038c116594ec})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with bookedspace Spyware/Adware ({00320615-b6c2-40a6-8f99-f1c52d674fad})! Action taken: No Action Taken.
Sat Oct 15 14:21:45 2005 => System found infected with elitebarbho Spyware/Adware ({825cf5bd-8862-4430-b771-0c15c5ca8def})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with elitebarbho Spyware/Adware ({28caeff3-0f18-4036-b504-51d73bd81abc})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with FlashGet Spyware/Adware ({a5366673-e8ca-11d3-9cd9-0090271d075b})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with FlashGet Spyware/Adware ({e0e899ab-f487-11d5-8d29-0050ba6940e3})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with ibis Spyware/Adware ({8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with ibis Spyware/Adware ({708be496-e202-497b-bc31-9cf47e3bf8d6})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with ibis Spyware/Adware ({87766247-311c-43b4-8499-3d5fec94a183})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with isearch Spyware/Adware ({1c78ab3f-a857-482e-80c0-3a1e5238a565})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with istbar Spyware/Adware ({ef86873f-04c2-4a95-a373-5703c08efc7b})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with netpal Spyware/Adware ({ef100007-f409-426a-9e7c-cb211f2a9786})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with webdialer Spyware/Adware ({02c20140-76f8-4763-83d5-b660107b7a90})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with WebSearch Toolbar Spyware/Adware ({6e21f428-5617-47f7-aed8-b2e1d8fba711})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with WinTools Spyware/Adware ({87067f04-de4c-4688-bc3c-4fcf39d609e7})! Action taken: No Action Taken.
Sat Oct 15 14:21:46 2005 => System found infected with WinTools Spyware/Adware ({a8deb4a5-d9ef-4d21-b4f6-921475004e7d})! Action taken: No Action Taken.
Sat Oct 15 14:21:47 2005 => System found infected with WhenU.SaveNow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.
Sat Oct 15 14:21:47 2005 => System found infected with ePlugin Dialer Spyware ({F57D17AE-CE37-4BC8-B232-EA57747BE5E7})! Action taken: No Action Taken.
Sat Oct 15 14:22:09 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Sat Oct 15 14:22:09 2005 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:09 2005 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:09 2005 => System found infected with altnetbde Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:10 2005 => System found infected with bargainbuddy Spyware/Adware (msbb.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:10 2005 => System found infected with bargainbuddy Spyware/Adware (msbb.log)! Action taken: No Action Taken.
Sat Oct 15 14:22:10 2005 => System found infected with bargainbuddy Spyware/Adware (msbbhook.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:10 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.
Sat Oct 15 14:22:32 2005 => System found infected with cws.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:32 2005 => System found infected with Cydoor Spyware/Adware (cd_clint.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:35 2005 => System found infected with Cydoor Spyware/Adware (common.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:35 2005 => System found infected with Cydoor Spyware/Adware (im64.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:38 2005 => System found infected with ezula Spyware/Adware (conscorr.ini)! Action taken: No Action Taken.
Sat Oct 15 14:22:38 2005 => System found infected with ezula Spyware/Adware (preinsln.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:42 2005 => System found infected with ibis Spyware/Adware (iexploreskins.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:42 2005 => System found infected with ibis Spyware/Adware (tbps.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:43 2005 => System found infected with LocalNRD Spyware/Adware (C:\WINDOWS\localnrd.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:43 2005 => System found infected with LocalNRD Spyware/Adware (localnrd.dll)! Action taken: No Action Taken.
Sat Oct 15 14:22:50 2005 => System found infected with ToonComics Spyware/Adware (msbb_kyf.dat)! Action taken: No Action Taken.
Sat Oct 15 14:22:50 2005 => System found infected with TopMoxie Spyware/Adware (jkill.exe)! Action taken: No Action Taken.
Sat Oct 15 14:22:54 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sat Oct 15 14:23:00 2005 => System found infected with Advware.BetterInternet Spyware/Adware (ln_reco.exe)! Action taken: No Action Taken.
Sat Oct 15 14:23:01 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (adm4.dll)! Action taken: No Action Taken.
Sat Oct 15 14:23:01 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdata.dll)! Action taken: No Action Taken.
Sat Oct 15 14:23:01 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admdloader.dll)! Action taken: No Action Taken.
Sat Oct 15 14:23:01 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admfdi.dll)! Action taken: No Action Taken.
Sat Oct 15 14:23:01 2005 => System found infected with Cydoor.TOPicks.a Spyware/Adware (admprog.dll)! Action taken: No Action Taken.
Sat Oct 15 14:23:07 2005 => System found infected with Elite toolbar Spyware/Adware (suicidetb.exe)! Action taken: No Action Taken.
Sat Oct 15 14:23:11 2005 => System found infected with Unknown Pest Spyware/Adware (readme.rtf)! Action taken: No Action Taken.
Sat Oct 15 14:26:23 2005 => File C:\Dokumente und Einstellungen\Robert\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\in_s.class-18fee360-7043b50d.class infected by "Trojan.Java.ClassLoader.ac" Virus! Action Taken: File Deleted.
Sat Oct 15 14:35:42 2005 => File C:\Dokumente und Einstellungen\Robert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\V0.30.dat infected by "Trojan-Downloader.Win32.Small.bdl" Virus! Action Taken: File Deleted.
Sat Oct 15 14:35:42 2005 => File C:\Dokumente und Einstellungen\Robert\Lokale Einstellungen\Anwendungsdaten\Microsoft\Internet Explorer\V0.32.dat infected by "Trojan-Downloader.Win32.Small.bdl" Virus! Action Taken: File Deleted.
Sat Oct 15 14:41:22 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
Sat Oct 15 14:41:22 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\winlogon.VIR
Sat Oct 15 14:41:23 2005 => File C:\Programme\AVPersonal\INFECTED\winlogon.VIR infected by "Trojan-Clicker.Win32.XMedia.g" Virus! Action Taken: File Deleted.
Sat Oct 15 14:41:35 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\curing_an_infected_file_after_a_scan.html
Sat Oct 15 14:41:35 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\deleting_an_infected_file_after_a_scan.html
Sat Oct 15 14:41:37 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files.html
Sat Oct 15 14:41:37 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_files_02.html
Sat Oct 15 14:41:37 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\infected_object.html
Sat Oct 15 14:41:38 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\moving_an_infected_file_after_a_scan.html
Sat Oct 15 14:41:40 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\remove_infected_macros.html
Sat Oct 15 14:41:40 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\renaming_an_infected_file_after_a_scan.html
Sat Oct 15 14:41:41 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\send_infected_files_only.html
Sat Oct 15 14:41:43 2005 => Scanning File C:\Programme\CA\eTrust Antivirus\Lang\German\Help\inocit\viewing_details_about_an_infected_file.html
Sat Oct 15 14:43:54 2005 => Scanning Folder: C:\Programme\eScan\INFECTED\*.*
Sat Oct 15 14:43:54 2005 => Scanning File C:\Programme\eScan\infected.wav
Sat Oct 15 15:09:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110827.exe infected by "Trojan.Win32.Dialer.bf" Virus! Action Taken: File Deleted.
Sat Oct 15 15:10:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111162.exe infected by "not-virus:BadJoke.Win32.Badgame" Virus! Action Taken: File Deleted.
Sat Oct 15 15:10:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111163.exe infected by "not-virus:BadJoke.Win32.Badgame" Virus! Action Taken: File Deleted.
Sat Oct 15 15:10:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111164.dll infected by "Trojan-Downloader.Win32.IstBar.iu" Virus! Action Taken: File Deleted.
Sat Oct 15 15:10:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111165.dll infected by "Trojan.Win32.Revop.c" Virus! Action Taken: File Deleted.
Sat Oct 15 15:10:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111166.exe infected by "Trojan-Downloader.Win32.Agent.ae" Virus! Action Taken: File Deleted.
Sat Oct 15 15:15:54 2005 => File C:\WINDOWS\browserxtras\pn\remove.exe infected by "Trojan-Downloader.Win32.Keenval.f" Virus! Action Taken: File Deleted.
Sat Oct 15 15:16:22 2005 => File C:\WINDOWS\Downloaded Program Files\ActiveSecurity.ocx infected by "VirTool.Win32.Collector" Virus! Action Taken: File Deleted.
Sat Oct 15 15:28:42 2005 => File C:\WINDOWS\system32\drivers\etc\NortonPID.hlp infected by "Backdoor.IRC.Zapchast" Virus! Action Taken: File Deleted.
Sat Oct 15 15:39:34 2005 => Scanning File D:\Tobi´s Musik\Bad Religion\Stranger Than Fiction\07. Infected.mp3
Sat Oct 15 15:47:41 2005 => Total Disinfected Files: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 14:21:03 2005 => File C:\WINDOWS\localNRD.dll tagged as "not-a-virus:AdWare.Win32.BiSpy.s". Action Taken: No Action Taken.
Sat Oct 15 14:21:03 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll tagged as "not-a-virus:AdWare.Win32.Wintol.al". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe tagged as "not-a-virus:AdWare.Win32.Gator.6034". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:05 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll tagged as "not-a-virus:AdWare.Win32.Gator.3124". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:06 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:10 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WSup.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 14:21:11 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\GMT.exe tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:11 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.5017". Action Taken: No Action Taken.
Sat Oct 15 14:21:11 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:11 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:11 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:21:20 2005 => File C:\WINDOWS\localNRD.dll tagged as "not-a-virus:AdWare.Win32.BiSpy.s". Action Taken: No Action Taken.
Sat Oct 15 14:21:20 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WToolsB.dll tagged as "not-a-virus:AdWare.Win32.Wintol.al". Action Taken: No Action Taken.
Sat Oct 15 14:21:27 2005 => File C:\PROGRA~1\GEMEIN~1\WinTools\WToolsA.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 14:21:27 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe tagged as "not-a-virus:AdWare.Win32.Gator.6034". Action Taken: No Action Taken.
Sat Oct 15 14:35:54 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Win32.Altnet.b". Action Taken: No Action Taken.
Sat Oct 15 14:36:03 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\GLB6.tmp tagged as "not-a-virus:AdWare.Win32.VirtualBouncer". Action Taken: No Action Taken.
Sat Oct 15 14:36:22 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\localNrd.cab tagged as "not-a-virus:AdWare.Win32.BiSpy.s". Action Taken: No Action Taken.
Sat Oct 15 14:36:22 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\localNRD.dll tagged as "not-a-virus:AdWare.Win32.BiSpy.s". Action Taken: No Action Taken.
Sat Oct 15 14:36:31 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\preInsln.exe tagged as "not-a-virus:AdWare.Win32.BiSpy.o". Action Taken: No Action Taken.
Sat Oct 15 14:36:50 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\THI34F8.tmp\localNrd.cab tagged as "not-a-virus:AdWare.Win32.BiSpy.n". Action Taken: No Action Taken.
Sat Oct 15 14:36:50 2005 => File C:\Dokumente und Einstellungen\***t\Lokale Einstellungen\Temp\THI34F8.tmp\preInsln.exe tagged as "not-a-virus:AdWare.Win32.BiSpy.o". Action Taken: No Action Taken.
Sat Oct 15 14:36:58 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\VVSNInst.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bo". Action Taken: No Action Taken.
Sat Oct 15 14:38:09 2005 => File C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OHE70HYF\WinTS[1].cab tagged as "not-a-virus:AdWare.Win32.Wintol.ah". Action Taken: No Action Taken.
Sat Oct 15 14:38:34 2005 => File C:\Downloads\BSINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Sat Oct 15 14:38:56 2005 => File C:\Program Files\Windows AdControl\WinAdShift.dll tagged as "not-a-virus:AdWare.Win32.WinAD.b". Action Taken: No Action Taken.
Sat Oct 15 14:41:30 2005 => File C:\Programme\BearShare\Installer\BSINSTALL.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Sat Oct 15 14:41:30 2005 => File C:\Programme\BearShare\Installer\saveinstwm.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
Sat Oct 15 14:44:17 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:17 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:17 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll tagged as "not-a-virus:AdWare.Win32.Gator.3124". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\dfabopbn\drlfttfpts\llscdflbq.exe tagged as "not-a-virus:AdWare.Win32.Gator.a". Action Taken: No Action Taken.
Sat Oct 15 14:44:18 2005 => File C:\Programme\Gemeinsame Dateien\dfabopbn\fqufpenl\rtsedets.exe tagged as "not-a-virus:AdWare.Win32.Gator.a". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll tagged as "not-a-virus:AdWare.Win32.Gator.5017". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:20 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe tagged as "not-a-virus:AdWare.Win32.Gator.6034". Action Taken: No Action Taken.
Sat Oct 15 14:44:21 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:44:21 2005 => File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil tagged as "not-a-virus:AdWare.Win32.Gator.a". Action Taken: No Action Taken.
Sat Oct 15 14:44:21 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe tagged as "not-a-virus:AdWare.Win32.Gator.6041". Action Taken: No Action Taken.
Sat Oct 15 14:47:41 2005 => File C:\Programme\Gemeinsame Dateien\WinTools\WSup.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 14:51:44 2005 => File C:\Programme\Kazaa\TopSearch.dll tagged as "not-a-virus:AdWare.Win32.Altnet.e". Action Taken: No Action Taken.
Sat Oct 15 14:59:45 2005 => File C:\Programme\Save\Save.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
Sat Oct 15 14:59:45 2005 => File C:\Programme\Save\SaveUninst.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bc". Action Taken: No Action Taken.
Sat Oct 15 15:01:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP335\A0096823.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP335\A0096844.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:40 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP338\A0097842.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:42 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0097928.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0097949.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:44 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0097980.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:45 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098017.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098100.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098124.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:52 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098144.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:53 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098163.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:53 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098185.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:55 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP339\A0098228.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:57 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP340\A0098269.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:01:58 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP340\A0098291.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:00 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP341\A0098329.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:01 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP341\A0098357.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:04 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP342\A0098391.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:05 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP342\A0098417.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP343\A0098449.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP343\A0098465.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:08 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP343\A0098510.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP344\A0098572.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:11 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP344\A0098587.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP344\A0098605.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP344\A0098629.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:13 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP344\A0098646.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:15 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP345\A0098686.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:16 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP345\A0098716.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:16 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP345\A0098739.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:17 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP345\A0098756.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP346\A0098856.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP346\A0098878.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:27 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP347\A0098916.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:27 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP347\A0098944.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:28 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP347\A0098967.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:28 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP347\A0098981.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:48 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP348\A0099321.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:49 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP348\A0099380.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:50 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP348\A0099429.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:50 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP348\A0099448.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:02:57 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP348\A0099553.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.

Sat Oct 15 15:03:05 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP349\A0099696.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP349\A0099748.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:08 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP349\A0099787.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP350\A0099907.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:14 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP351\A0099975.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:15 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP351\A0100017.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:16 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP351\A0100048.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:18 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP352\A0100127.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:19 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP352\A0100158.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:34 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP354\A0100357.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:36 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP355\A0101357.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP356\A0101486.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:48 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP356\A0101598.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP357\A0101664.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:03:58 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP358\A0101794.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:01 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP359\A0101867.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:02 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP359\A0101921.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:03 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP359\A0101953.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:06 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP360\A0102026.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:14 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP361\A0102141.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:16 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP362\A0102209.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:17 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP362\A0102250.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:18 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP362\A0102301.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP363\A0102379.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP364\A0102443.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP364\A0102493.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:31 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP364\A0102591.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:34 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102658.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102703.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102806.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102856.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:44 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102900.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:49 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP365\A0102993.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:04:57 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP366\A0103115.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:04 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP366\A0103215.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:05 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP366\A0103259.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:06 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP366\A0104259.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:13 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP367\A0104365.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:14 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP367\A0104409.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:15 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP367\A0104445.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:17 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP367\A0104493.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:18 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP367\A0104534.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:20 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP368\A0104605.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP368\A0104651.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP368\A0104686.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP369\A0104739.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:26 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP369\A0104796.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:26 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP369\A0104837.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:28 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP369\A0104873.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:31 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP370\A0104938.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:32 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP370\A0104982.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:34 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP370\A0105015.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP370\A0105051.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:37 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP371\A0105100.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:40 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP371\A0105150.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:42 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP372\A0105204.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:44 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP372\A0105257.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:46 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP373\A0105316.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:48 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP373\A0105361.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:48 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP373\A0105396.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105459.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:53 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105520.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:05:54 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105558.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:02 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105713.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105833.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105869.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP374\A0105911.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:14 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP375\A0105965.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:15 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP375\A0106008.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP376\A0106129.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:26 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP376\A0106169.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:27 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP376\A0106206.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:29 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP377\A0106247.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:30 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP377\A0106282.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:32 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106339.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:33 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106377.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:34 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106424.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106464.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:36 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106499.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:38 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106537.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:39 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106586.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:39 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP378\A0106614.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:42 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP379\A0106680.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP379\A0106720.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:46 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP379\A0106762.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:47 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP379\A0106798.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:56 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP380\A0106924.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:57 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP380\A0106966.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:06:58 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP380\A0107006.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:09 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP381\A0108006.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:16 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP381\A0108104.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.

Sat Oct 15 15:07:17 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP381\A0108146.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:19 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP382\A0108218.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP382\A0108258.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:22 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP382\A0108302.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:23 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP382\A0108348.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:52 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP383\A0108805.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:56 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0108927.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:58 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0108963.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:07:59 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0109015.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:00 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0109052.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:01 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0109087.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:02 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP384\A0109125.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:04 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP385\A0109185.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:06 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP385\A0109229.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:33 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP385\A0109281.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:35 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP385\A0109336.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:37 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109398.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:38 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109431.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:40 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109483.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:42 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109528.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:43 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109567.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:45 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109615.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:45 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109653.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:46 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP386\A0109697.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:49 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP387\A0109740.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:08:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP387\A0109790.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:12 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0109995.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:19 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110099.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:20 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110143.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:21 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110183.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:23 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110258.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:24 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110295.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:25 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110329.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:32 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110427.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:33 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110466.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:34 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP390\A0110501.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:36 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP391\A0110557.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:38 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP391\A0110591.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:41 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110662.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:42 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110693.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:44 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110749.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:50 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110825.exe tagged as "not-a-virus:AdWare.Win32.Gator.a". Action Taken: No Action Taken.
Sat Oct 15 15:09:50 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110826.exe tagged as "not-a-virus:AdWare.Win32.Gator.a". Action Taken: No Action Taken.
Sat Oct 15 15:09:51 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110847.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:09:53 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0110903.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:10:00 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP392\A0111016.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:10:07 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111126.exe tagged as "not-a-virus:AdWare.Win32.Wintol.af". Action Taken: No Action Taken.
Sat Oct 15 15:10:10 2005 => File C:\System Volume Information\_restore{C0D98CBA-6672-47B1-9E43-2A9DE301BFBF}\RP393\A0111169.exe tagged as "not-a-virus:AdWare.Win32.Wintol.ah". Action Taken: No Action Taken.
Sat Oct 15 15:10:11 2005 => File C:\Temp\lc.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
Sat Oct 15 15:10:11 2005 => File C:\Temp\WebRebates_Auto_InstallSilent_Euro.exe tagged as "not-a-virus:AdWare.Win32.WebRebates.b". Action Taken: No Action Taken.
Sat Oct 15 15:10:12 2005 => File C:\Temp\WinAdCtlInstPack.exe tagged as "not-a-virus:AdWare.Win32.WinAD.b". Action Taken: No Action Taken.
Sat Oct 15 15:24:59 2005 => File C:\WINDOWS\preInsln.exe tagged as "not-a-virus:AdWare.Win32.BiSpy.o". Action Taken: No Action Taken.
Sat Oct 15 15:27:45 2005 => File C:\WINDOWS\system32\BO2801040128.dll tagged as "not-a-virus:AdWare.Win32.VirtualBouncer.d". Action Taken: No Action Taken.
Sat Oct 15 15:27:45 2005 => File C:\WINDOWS\system32\BO2809040510.exe tagged as "not-a-virus:AdWare.Win32.VirtualBouncer.d". Action Taken: No Action Taken.
Sat Oct 15 15:27:52 2005 => File C:\WINDOWS\system32\cd_clint.dll tagged as "not-a-virus:AdWare.Win32.Cydoor". Action Taken: No Action Taken.
Sat Oct 15 15:28:43 2005 => File C:\WINDOWS\system32\drivers\etc\spsexec.exe tagged as not-a-virus:RiskTool.Win32.PsExec.13. No Action Taken.
Sat Oct 15 15:29:03 2005 => File C:\WINDOWS\system32\ln_reco.exe tagged as "not-a-virus:AdWare.Win32.BetterInternet". Action Taken: No Action Taken.
Sat Oct 15 15:29:12 2005 => File C:\WINDOWS\system32\msbb.exe tagged as "not-a-virus:AdWare.Win32.180Solutions". Action Taken: No Action Taken.
Sat Oct 15 15:29:12 2005 => File C:\WINDOWS\system32\msbb321.dll tagged as "not-a-virus:AdWare.Win32.180Solutions". Action Taken: No Action Taken.
Sat Oct 15 15:29:13 2005 => File C:\WINDOWS\system32\msbbhook.dll tagged as "not-a-virus:AdWare.Win32.180Solutions". Action Taken: No Action Taken.
Sat Oct 15 15:29:46 2005 => File C:\WINDOWS\system32\SHAgentNew.dll tagged as "not-a-virus:AdWare.Win32.Sahat.g". Action Taken: No Action Taken.
Sat Oct 15 15:30:21 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
Sat Oct 15 15:30:21 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
Sat Oct 15 15:30:21 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
Sat Oct 15 15:30:21 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Win32.Altnet.a". Action Taken: No Action Taken.
Sat Oct 15 15:30:22 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.Win32.MyWay.g". Action Taken: No Action Taken.
Sat Oct 15 15:30:22 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.Win32.BrilliantDigital.1007". Action Taken: No Action Taken.
Sat Oct 15 15:30:22 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as "not-a-virus:AdWare.Win32.Altnet.b". Action Taken: No Action Taken.
Sat Oct 15 15:38:14 2005 => File D:\RECYCLER\S-1-5-21-4072494970-2572216659-1278554267-1008\Dd14.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "offending"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 14:21:47 2005 => Offending value found in HKCU\Software\180solutions !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKCU\appevents\schemes\apps\bearshare !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKLM\Software\bearshare !!!
Sat Oct 15 14:21:49 2005 => Offending Folder found: C:\PROGRA~1\bearshare
Sat Oct 15 14:21:49 2005 => Offending Folder found: C:\PROGRA~1\bearsh~1
Sat Oct 15 14:21:49 2005 => Offending value found in HKCU\appevents\eventlabels\bearsharechatnotifymsg !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Oct 15 14:21:49 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Oct 15 14:21:50 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\GAIN Publishing !!!
Sat Oct 15 14:21:50 2005 => Offending Folder found: C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\GAIN Publishing
Sat Oct 15 14:21:50 2005 => Offending value found in HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\CMESys !!!
Sat Oct 15 14:21:50 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\Run !!!
Sat Oct 15 14:21:50 2005 => Offending value found in HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\conscorr !!!
Sat Oct 15 14:21:50 2005 => Offending Folder found: C:\WINDOWS\system32\adcache
Sat Oct 15 14:21:50 2005 => Offending value found in HKCU\Software\cydoor !!!
Sat Oct 15 14:21:51 2005 => Offending Folder found: C:\WINDOWS\elitetoolbar
Sat Oct 15 14:21:52 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\flashget !!!
Sat Oct 15 14:21:52 2005 => Offending Folder found: C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\flashget
Sat Oct 15 14:21:52 2005 => Offending value found in HKLM\Software\gator.com !!!
Sat Oct 15 14:21:52 2005 => Offending Folder found: C:\PROGRA~1\gator.com
Sat Oct 15 14:21:53 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\wintools !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKCU\Software\wintools !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\wintools !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\wintools !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\Run !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKCU\Software\isearch !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKCU\Software\ist !!!
Sat Oct 15 14:21:53 2005 => Offending Folder found: C:\WINDOWS\cache329
Sat Oct 15 14:21:53 2005 => Offending value found in HKLM\Software\magnet\handlers\kazaa !!!
Sat Oct 15 14:21:53 2005 => Offending value found in HKCU\Software\kazaa !!!
Sat Oct 15 14:21:53 2005 => Offending Folder found: C:\PROGRA~1\kazaa
Sat Oct 15 14:21:53 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\kazaa media desktop !!!
Sat Oct 15 14:21:53 2005 => Offending Folder found: C:\DOKUME~1\****\STARTM~1\PROGRA~1\kazaa media desktop
Sat Oct 15 14:21:54 2005 => Offending value found in HKLM\Software\myway !!!
Sat Oct 15 14:21:54 2005 => Offending Folder found: C:\PROGRA~1\myway
Sat Oct 15 14:21:54 2005 => Offending value found in HKLM\Software\p2p networking !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKLM\Software\altnet !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\altnet !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\web search tools !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKLM\Software\WhenUSave !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupReg\WhenUSave !!!
Sat Oct 15 14:21:56 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\whenusavemsg !!!
Sat Oct 15 14:21:56 2005 => Offending Folder found: C:\DOKUME~1\****\STARTM~1\PROGRA~1\WhenU
Sat Oct 15 14:21:58 2005 => Offending value found in HKLM\Software\elitum !!!
Sat Oct 15 14:22:05 2005 => Offending Folder found: C:\PROGRA~1\Toolbar
Sat Oct 15 14:22:09 2005 => Offending file found: C:\WINDOWS\smdat32a.sys
Sat Oct 15 14:22:09 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:22:09 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:22:10 2005 => Offending file found: C:\WINDOWS\system32\msbb.exe
Sat Oct 15 14:22:10 2005 => Offending file found: C:\WINDOWS\system32\msbb.log
Sat Oct 15 14:22:10 2005 => Offending file found: C:\WINDOWS\system32\msbbhook.dll
Sat Oct 15 14:22:10 2005 => Offending file found: C:\DOKUME~1\Robert\Desktop\bearshare.lnk
Sat Oct 15 14:22:32 2005 => Offending file found: C:\WINDOWS\system32\cd_clint.dll
Sat Oct 15 14:22:35 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\common.dll
Sat Oct 15 14:22:35 2005 => Offending file found: C:\WINDOWS\system32\im64.dll
Sat Oct 15 14:22:38 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\conscorr.ini
Sat Oct 15 14:22:38 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\preinsln.exe
Sat Oct 15 14:22:42 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\iexploreskins.exe
Sat Oct 15 14:22:42 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\tbps.exe
Sat Oct 15 14:22:43 2005 => Offending file found: C:\WINDOWS\localnrd.dll
Sat Oct 15 14:22:43 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\localnrd.dll
Sat Oct 15 14:22:50 2005 => Offending file found: C:\WINDOWS\system32\msbb_kyf.dat
Sat Oct 15 14:22:50 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\jkill.exe
Sat Oct 15 14:22:54 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Sat Oct 15 14:23:00 2005 => Offending file found: C:\WINDOWS\system32\ln_reco.exe
Sat Oct 15 14:23:01 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:23:01 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:23:01 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:23:01 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:23:01 2005 => Offending file found: C:\WINDOWS\TEMP
Sat Oct 15 14:23:07 2005 => Offending file found: C:\DOKUME~1\****t\LOKALE~1\Temp\suicidetb.exe
Sat Oct 15 14:23:11 2005 => Offending file found: C:\DOKUME~1\****\LOKALE~1\Temp\readme.rtf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sat Oct 15 15:47:41 2005 => Total Virus(es) Found: 363
Sat Oct 15 15:47:41 2005 => Total Errors: 345
Sat Oct 15 15:47:41 2005 => Time Elapsed: 01:26:47
Sat Oct 15 15:47:41 2005 => Total Objects Scanned: 123402
Sat Oct 15 14:19:52 2005 => Virus Database Date: 2005/10/15
Sat Oct 15 15:47:41 2005 => Virus Database Date: 2005/10/15
Sat Oct 15 16:28:26 2005 => Virus Database Date: 2005/10/15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Dank an Cidre ~~~~~~~

lol sind ja nciht so warg viele :P kann man da noch was machen? sind bösartige dabei?????

ist es besser meinen pc komplett zu resetten? habe da eigentlich kein bock drauf!!

so long

So nun gehe bitte wie folgt vor:

Deaktiviere zunächst die Systemwiederherstellung (http://www.systemwiederherstellung-d...indows-xp.html), danach löschst du deine temporären Dateien mittels Cleanup .
Danach scanne dein System im abgesicherten Modus mit Adaware und Spybot .Beide Programme vorher aktualisieren und mit Spybot zusätzlich immunisieren.
Anschliessend löschst du die Datei mwav.log im Escan Ordner, updatest Escan wie in der Anleitung beschrieben und scannst erneut mit Escan.