Log analysis and evaluation: Worm.Win32.Pinit.gen ?? Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.08.2009, 21:41 | #16 |
| Worm.Win32.Pinit.gen ?? Hi, I have carried out all the steps! However, AVguard could not be switched off at all. I deleted a few trojans that AVguard had found, because I had the impression that cofi had got stuck on them. AVguard is now reporting one of the deleted trojans again. What else do I have to do? Can I delete the trojans? By the way, cofi reported that Windows Script Host is deactivated and that the Microsoft Recovery Console is missing. When it wanted to download it, it asked me whether I have XP Home; I pressed No, so it did not work, with the low security level. (if I remember all of this correctly) Here is the logfile from cofi: Code:
ATTFilter
ComboFix 09-08-04.04 - Rena 06.08.2009 21:46.1.2 - NTFSx86
ausgeführt von:: d:\dokumente und einstellungen\Rena\Desktop\cofi.exe
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\dokume~1\ALLUSE~1\ANWEND~1\15535004
d:\dokume~1\ALLUSE~1\ANWEND~1\15535004\15535004
d:\dokumente und einstellungen\Rena\Desktop\System Security 2009.lnk
d:\windows\lsass.exe
d:\windows\msa.exe
d:\windows\odb.exe
d:\windows\svc.exe
d:\windows\system32\drivers\UACjadiubyuoy.sys
d:\windows\system32\drivers\vsfoceniuxjyeh.sys
d:\windows\system32\lowsec
d:\windows\system32\lowsec\local.ds
d:\windows\system32\lowsec\user.ds
d:\windows\system32\net.net
d:\windows\system32\sdra64.exe
d:\windows\system32\UACaegoeonikv.dll
d:\windows\system32\UACdxlaldotvr.dll
d:\windows\system32\uacinit.dll
d:\windows\system32\UAClmdjtaxmhl.dll
d:\windows\system32\UACqpqqalkyfl.log
d:\windows\system32\UACtctucnreej.dat
d:\windows\system32\UACwqcsbpyovk.db
d:\windows\system32\UACydkjvrbhiv.dll
d:\windows\system32\UACymophqiafd.dll
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((( Dateien erstellt von 2009-07-06 bis 2009-08-06 ))))))))))))))))))))))))))))))
.
2009-08-06 17:32 . 2009-08-06 17:33 -------- d-----w- D:\rsit
2009-08-06 16:01 . 2009-08-06 16:01 -------- d-----w- d:\programme\Enigma Software Group
2009-08-05 09:51 . 2009-08-05 09:51 -------- d-----w- d:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2009-08-03 19:07 . 2009-08-03 19:07 54784 ----a-w- d:\windows\system32\drivers\UACvimxowpdqv.sys
2009-08-03 19:07 . 2009-08-03 19:07 310 ----a-w- d:\windows\system32\uacsr.dat
2009-08-02 10:35 . 2009-08-02 10:35 -------- d-----w- D:\SDFix
2009-08-02 09:57 . 2009-08-02 09:57 -------- d-s---w- d:\windows\Downloaded Program Files
2009-08-02 01:06 . 2009-08-02 01:06 -------- d-----w- d:\programme\Trend Micro
2009-08-02 00:41 . 2009-08-02 00:41 109 --sha-w- d:\windows\system32\3571252021.dat
2009-08-02 00:41 . 2009-08-02 00:41 43008 --sh--r- d:\windows\system32\actskn45d.exe
2009-08-01 23:38 . 2009-03-30 08:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-08-01 23:38 . 2009-03-24 14:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-08-01 23:38 . 2009-02-13 10:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-08-01 23:38 . 2009-02-13 10:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\programme\Avira
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\dokume~1\ALLUSE~1\ANWEND~1\Avira
2009-07-22 05:39 . 2009-07-16 12:12 52224 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\FFExternalAlert.dll
2009-07-22 05:39 . 2009-07-16 12:12 114688 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\npmozax.dll
2009-07-18 20:03 . 2009-08-01 07:03 -------- d-----w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\Temp
2009-07-16 10:47 . 2009-07-16 10:47 31088 ----a-w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\ATI
2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Anwendungsdaten\ATI
2009-07-11 20:07 . 2009-08-01 21:19 -------- d-----w- d:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\MediaMonkey
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 20:25 . 2006-09-18 19:01 31088 -c--a-w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-08-06 13:31 . 2008-05-31 10:58 -------- d-----w- d:\dokume~1\ALLUSE~1\ANWEND~1\Google Updater
2009-08-03 20:32 . 2002-12-31 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat
2009-08-03 20:32 . 2002-12-31 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat
2009-08-01 23:04 . 2009-08-01 23:04 1198496 ----a-w- d:\windows\system32\xa.tmp
2009-07-24 00:59 . 2008-12-05 23:49 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss
2009-07-07 16:20 . 2009-07-07 16:20 -------- d-----w- d:\dokume~1\ALLUSE~1\ANWEND~1\Electronic Arts
2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- d:\programme\Electronic Arts
2009-07-07 13:17 . 2009-07-07 13:16 -------- d-----w- d:\programme\MediaMonkey
2009-07-03 18:43 . 2007-04-24 10:26 -------- d-----w- d:\programme\Google
2009-07-03 18:43 . 2008-01-02 00:34 -------- d-----w- d:\programme\DivX
2009-07-03 18:41 . 2009-07-03 18:41 -------- d-----w- d:\programme\Gemeinsame Dateien\DivX Shared
2009-06-24 20:19 . 2009-06-24 20:19 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Samsung
2009-06-24 20:17 . 2009-06-24 20:03 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys
2009-06-24 20:04 . 2009-06-24 20:04 -------- d-----w- d:\programme\DIFX
2009-06-24 20:03 . 2009-06-24 20:03 -------- d-----w- d:\programme\Samsung
2009-06-24 20:03 . 2006-09-18 18:58 -------- d--h--w- d:\programme\InstallShield Installation Information
2009-06-24 13:32 . 2008-11-08 12:51 -------- d-----w- d:\programme\Gemeinsame Dateien\Apple
2009-06-24 13:32 . 2008-11-08 14:40 -------- d-----w- d:\programme\iPod
2009-06-24 13:25 . 2008-07-12 13:02 -------- d-----w- d:\programme\mozilla.org
2009-06-24 13:23 . 2008-05-31 11:06 -------- d-----w- d:\programme\Sun
2009-06-24 11:45 . 2007-01-06 11:27 -------- d-----w- d:\programme\CCleaner
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\programme\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\dllcache\tcpip.sys
[-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-31 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kopie von KernelFaultCheck"="d:\windows\system32\dumprep 0 -k" [X]
"Adobe Reader Speed Launcher"="d:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="d:\programme\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MSConfig"="d:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-12-31 160768]
"SpyHunter Security Suite"="d:\programme\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="d:\programme\QuickTime\qttask.exe" [2008-11-04 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2002-12-31 15360]
d:\dokume~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Microsoft Office.lnk - d:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Streaming Server.lnk]
path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Streaming Server.lnk
backup=d:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"helpsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"f:\\World of Warcraft\\BackgroundDownloader.exe"=
"d:\\Programme\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);d:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352]
R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [02.08.2009 01:38 108289]
R3 NeroCd2k;NeroCd2k;d:\windows\system32\drivers\NeroCD2k.sys [16.04.2001 12:54 44227]
S2 gupdate1c9fc0dee6b6f84;Google Update Service (gupdate1c9fc0dee6b6f84);d:\programme\Google\Update\GoogleUpdate.exe [03.07.2009 20:41 133104]
S3 cusbohcn;cusbohcn;\??\d:\dokume~1\Rena\LOKALE~1\Temp\cusbohcn.sys --> d:\dokume~1\Rena\LOKALE~1\Temp\cusbohcn.sys [?]
S3 MODRC;DiBcom Infrared Receiver;d:\windows\system32\drivers\modrc.sys [25.01.2009 20:23 13824]
S3 TTCinergyT2;TerraTec Cinergy T² (BDA);d:\windows\system32\drivers\TTCinergyT2BDA.sys [19.05.2006 12:31 22528]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-net - d:\windows\system32\net.net
HKLM-Run-odby - d:\windows\odb.exe
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - d:\dokume~1\Rena\ANWEND~1\Mozilla\Firefox\Profiles\2a14pfvb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=2&q=
FF - plugin: d:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\programme\Google\Update\1.2.183.7\npGoogleOneClick8.dll
---- FIREFOX Richtlinien ----
d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 22:22
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(576)
d:\windows\system32\Ati2evxx.dll
d:\programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'lsass.exe'(632)
d:\programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
- - - - - - - > 'explorer.exe'(3916)
d:\programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\programme\Avira\AntiVir Desktop\avguard.exe
d:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\programme\Java\jre6\bin\jqs.exe
d:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
d:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\windows\system32\wscntfy.exe
d:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-06 22:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-06 20:28
Vor Suchlauf: 2.634.649.600 Bytes frei
Nach Suchlauf: 2.758.791.168 Bytes frei
302
Edited by studentin11 (06.08.2009 at 21:50) |
06.08.2009, 22:14 | #17 |
| Worm.Win32.Pinit.gen ?? 1.) Uninstall (if possible):
__________________
3.) Create a file listing.
Code:
ATTFilter
KILLALL::
Driver::
gupdate1c9fc0dee6b6f84
cusbohcn
mchInjDrv
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kopie von KernelFaultCheck"=-
"Adobe Reader Speed Launcher"=-
"SunJavaUpdateSched"=-
"MSConfig"=-
"SpyHunter Security Suite"=-
"QuickTime Task"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
Folder::
d:\programme\Google\Google Updater
d:\programme\Google\Update
d:\programme\Enigma Software Group
D:\SDFix
D:\rsit
d:\dokume~1\ALLUSE~1\ANWEND~1\Google Updater
Rootkit::
d:\windows\system32\drivers\UACvimxowpdqv.sys
d:\windows\system32\uacsr.dat
Files::
d:\windows\system32\actskn45d.exe
d:\windows\system32\3571252021.dat
d:\windows\system32\perfc007.dat
d:\windows\system32\perfh007.dat
d:\windows\system32\xa.tmp
DirLook::
d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss
FileLook::
d:\windows\system32\drivers\StarOpen.sys
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system. ciao, andreas
__________________ |
06.08.2009, 22:32 | #18 |
| Worm.Win32.Pinit.gen ?? Wow, thanks for the effort! I'll do that now, I'm just glad that things are working a little again! And I found this, in case it saves work:
Quarantänedateien löschen - HijackThis.de Support Board
He had the same mess as I did :-P |
06.08.2009, 22:42 | #19 |
| Worm.Win32.Pinit.gen ?? No, in your case it looks far worse. You had no fewer than three of the nasty rootkits, plus a backdoor bot and a keylogger that dutifully logged everything you typed on the keyboard. I would not trust the computer any more. I have had to deal with UACD.sys quite often.
http://www.trojaner-board.de/75830-w...light=uacd.sys
http://www.trojaner-board.de/71068-p...light=uacd.sys
http://www.trojaner-board.de/74097-b...light=uacd.sys
http://www.trojaner-board.de/71672-p...light=uacd.sys
http://www.trojaner-board.de/71716-g...light=uacd.sys
Those were only the first 5 that I found with the board search. On the next run, try again to install the Recovery Console. ciao, andreas
__________________ No support via PM! This is a forum and not private support! For all newcomers. Private support only for payment, and I am very expensive. Guides, Virus scanners, Compromise unavoidable? |
06.08.2009, 23:16 | #20 |
| Worm.Win32.Pinit.gen ?? Hi, wow okay :-) here is the link for now: File upload, image upload, file hosting on Materialordner.de |
06.08.2009, 23:31 | #21 |
| Worm.Win32.Pinit.gen ?? From the looks of it, you got infected on 2.8. at around 2:40. Do you still remember what happened then? Why did you mess around with Norton this afternoon? Please only start the programs that we name and no others. ciao, andreas
__________________ |
06.08.2009, 23:48 | #22 |
| Worm.Win32.Pinit.gen ?? Hm, well yes, of course I noticed that I got infected then, or rather that something became active. Everything went to a.. really fast. But I didn't do anything special. I played a browser game and, I remember this exactly, looked for some music by Talking Heads: watched a video clip on some strange site (not YouTube). Maybe I had also just opened some tool sites for the game... But I think that was it for night-time activity. As for Norton, no idea, did I?!? I would flatly deny it, but you have the data :-) But I haven't done anything since I have been getting concrete help again. |
06.08.2009, 23:51 | #23 |
| Worm.Win32.Pinit.gen ?? logfile part 1 Code:
ATTFilter
ComboFix 09-08-06.01 - Rena 07.08.2009 0:19.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.767.494 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\Rena\Desktop\cofi.exe
Benutzte Befehlsschalter :: d:\dokumente und einstellungen\Rena\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
Classic *On-access scanning enabled* (Updated) {82BC9BF4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BCB384-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BCB46C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BCEDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BD3C24-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BD9584-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BE051C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BE5964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BE872C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BF4304-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BF5764-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BF5DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82BFEDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C04874-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C0751C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C08C1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) 
{82C0BC1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C0F35C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C1232C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C123CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C14A5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C15054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C1E374-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C213E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C218EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C24914-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C25354-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C2E3EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C2F8C4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C33DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C3A8CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C3ABA4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C3D89C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition 
Classic *On-access scanning enabled* (Updated) {82C3EB5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C42DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C4E2DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C50394-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C51B5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C5760C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C5C8EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C5D2BC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C623D4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C6289C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C6B72C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C6CA5C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C6CC1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C6FA64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C72C4C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C75DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) 
{82C7DA94-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C7FC1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C8277C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C83054-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C863DC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C86964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C89964-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C8A5E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C8E840-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C8FDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C927A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C92DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C9511C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C96354-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C973EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C976AC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82C99434-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition 
Classic *On-access scanning enabled* (Updated) {82C995BC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA081C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA1804-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA1B64-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA2DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA55BC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA593C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA5A8C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA6DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA749C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CA9384-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CAE6E4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CB0634-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CBC77C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CBCDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CC177C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) 
{82CC2DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CC9DDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CD032C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CD2AAC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CD3574-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CD47A4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CD48CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CDCDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CE3874-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CE57CC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CE85D4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CE98EC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CEAAD4-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CEBDDC-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CEFC1C-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CF2264-FFA4-00DE-0D24-347CA8A3377C} AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {82CF656C-FFA4-00DE-0D24-347CA8A3377C} |
06.08.2009, 23:52 | #24 |
| Worm.Win32.Pinit.gen ?? Part 2 Code:
ATTFilter
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\programme\Enigma Software Group
d:\programme\Enigma Software Group\SpyHunter\AXList.txt
d:\programme\Enigma Software Group\SpyHunter\hosts.bak
d:\programme\Enigma Software Group\SpyHunter\key.dat
d:\programme\Enigma Software Group\SpyHunter\rgdata.dat
d:\programme\Enigma Software Group\SpyHunter\scan.log
d:\programme\Enigma Software Group\SpyHunter\spyhunter.log
d:\programme\Enigma Software Group\SpyHunter\support.log
D:\rsit
d:\rsit\info.txt
d:\rsit\log.txt
D:\SDFix
d:\sdfix\apps\Installed.txt
d:\sdfix\apps\leg2.txt
d:\sdfix\apps\legacy.txt
d:\sdfix\apps\legacybk.txt
d:\sdfix\apps\Rem.txt
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CUSBOHCN
-------\Legacy_MCHINJDRV
-------\Service_cusbohcn
((((((((((((((((((((((( Dateien erstellt von 2009-07-06 bis 2009-08-06 ))))))))))))))))))))))))))))))
.
2009-08-06 21:58 . 2009-08-06 21:58 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-08-05 09:51 . 2009-08-05 09:51 -------- d-----w- d:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2009-08-02 09:57 . 2009-08-02 09:57 -------- d-s---w- d:\windows\Downloaded Program Files
2009-08-02 01:06 . 
2009-08-02 01:06 -------- d-----w- d:\programme\Trend Micro
2009-08-02 00:41 . 2009-08-02 00:41 109 --sha-w- d:\windows\system32\3571252021.dat
2009-08-02 00:41 . 2009-08-02 00:41 43008 --sh--r- d:\windows\system32\actskn45d.exe
2009-08-01 23:38 . 2009-03-30 08:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-08-01 23:38 . 2009-03-24 14:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-08-01 23:38 . 2009-02-13 10:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-08-01 23:38 . 2009-02-13 10:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\programme\Avira
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-07-22 05:39 . 2009-07-16 12:12 52224 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\FFExternalAlert.dll
2009-07-22 05:39 . 2009-07-16 12:12 114688 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\npmozax.dll
2009-07-18 20:03 . 2009-08-01 07:03 -------- d-----w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\Temp
2009-07-16 10:47 . 2009-07-16 10:47 31088 ----a-w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\ATI
2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Anwendungsdaten\ATI
2009-07-11 20:07 . 2009-08-01 21:19 -------- d-----w- d:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\MediaMonkey
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 22:03 . 2007-04-24 10:26 -------- d-----w- d:\programme\Google
2009-08-06 21:42 . 2007-01-22 17:11 -------- d-----w- d:\programme\Java
2009-08-06 21:35 . 2008-07-01 13:57 -------- d-----w- d:\programme\AutostartAdministrator
2009-08-06 21:33 . 2006-09-18 18:34 -------- d-----w- d:\programme\VideoLAN
2009-08-06 21:25 . 2006-09-18 18:29 -------- d-----w- d:\programme\Gemeinsame Dateien\Adobe
2009-08-06 20:25 . 2006-09-18 19:01 31088 -c--a-w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-08-03 20:32 . 2002-12-31 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat
2009-08-03 20:32 . 2002-12-31 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat
2009-08-01 23:04 . 2009-08-01 23:04 1198496 ----a-w- d:\windows\system32\xa.tmp
2009-07-24 00:59 . 2008-12-05 23:49 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss
2009-07-07 16:20 . 2009-07-07 16:20 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Electronic Arts
2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- d:\programme\Electronic Arts
2009-07-07 13:17 . 2009-07-07 13:16 -------- d-----w- d:\programme\MediaMonkey
2009-07-03 18:43 . 2008-01-02 00:34 -------- d-----w- d:\programme\DivX
2009-07-03 18:41 . 2009-07-03 18:41 -------- d-----w- d:\programme\Gemeinsame Dateien\DivX Shared
2009-06-24 20:19 . 2009-06-24 20:19 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Samsung
2009-06-24 20:17 . 2009-06-24 20:03 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys
2009-06-24 20:04 . 2009-06-24 20:04 -------- d-----w- d:\programme\DIFX
2009-06-24 20:03 . 2009-06-24 20:03 -------- d-----w- d:\programme\Samsung
2009-06-24 20:03 . 2006-09-18 18:58 -------- d--h--w- d:\programme\InstallShield Installation Information
2009-06-24 13:32 . 2008-11-08 14:40 -------- d-----w- d:\programme\iPod
2009-06-24 13:25 . 2008-07-12 13:02 -------- d-----w- d:\programme\mozilla.org
2009-06-24 13:23 . 2008-05-31 11:06 -------- d-----w- d:\programme\Sun
2009-06-24 11:45 . 2007-01-06 11:27 -------- d-----w- d:\programme\CCleaner
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\programme\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\programme\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- d:\windows\system32\drivers\StarOpen.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 5632
Created time: 2009-06-24 20:03
Modified time: 2009-06-24 20:17
MD5: 306521935042FC0A6988D528643619B3
SHA1: 3388FD72AFC73C408A5D5FFBD31FCA4C402A0589
---- Directory of d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss ----
2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\00002b5cf5
2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\00002b5cbb
2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\000000cb04
2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\000000c9ae
2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\0000000131
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00003a368b
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\0000397079
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000038df70
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\0000339dd9
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000030ad45
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000030ad02
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00002b6b4f
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00002b6b10
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000e2f2
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000e123
2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000013c
2008-12-06 01:17 . 2009-07-24 00:59 199 -c--a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\CACHEDIR.TAG
2008-12-05 23:49 . 
2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\000026407b 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\000000076f 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\00000001f0 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\0000000120 ------- Sigcheck ------- [-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\dllcache\tcpip.sys [-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\drivers\tcpip.sys . |
06.08.2009, 23:53 | #25 |
| Worm.Win32.Pinit.gen ?? Part 3 Code:
ATTFilter ((((((((((((((((((((((((((((( SnapShot@2009-08-06_20.22.44 ))))))))))))))))))))))))))))))))))))))))) . + 2002-12-31 12:00 . 2002-12-31 12:00 37888 d:\windows\system32\url.dll + 2002-12-31 12:00 . 2002-12-31 12:00 39424 d:\windows\system32\pngfilt.dll + 2002-12-31 12:00 . 2002-12-31 12:00 97792 d:\windows\system32\occache.dll + 2002-12-31 12:00 . 2002-12-31 12:00 57344 d:\windows\system32\mshtmler.dll + 2002-12-31 12:00 . 2002-12-31 12:00 29184 d:\windows\system32\mshta.exe + 2002-12-31 12:00 . 2002-12-31 12:00 22016 d:\windows\system32\licmgr10.dll + 2002-12-31 12:00 . 2002-12-31 12:00 15872 d:\windows\system32\jsproxy.dll + 2002-12-31 12:00 . 2002-12-31 12:00 96768 d:\windows\system32\inseng.dll + 2002-12-31 12:00 . 2002-12-31 12:00 35840 d:\windows\system32\imgutil.dll + 2002-12-31 12:00 . 2002-12-31 12:00 64000 d:\windows\system32\iesetup.dll + 2002-12-31 12:00 . 2002-12-31 12:00 49152 d:\windows\system32\iernonce.dll + 2002-12-31 12:00 . 2002-12-31 12:00 81920 d:\windows\system32\ieencode.dll + 2002-12-31 12:00 . 2002-12-31 12:00 34304 d:\windows\system32\ie4uinit.exe + 2002-12-31 12:00 . 2002-12-31 12:00 55808 d:\windows\system32\extmgr.dll + 2002-12-31 12:00 . 2002-12-31 12:00 37888 d:\windows\system32\dllcache\url.dll + 2002-12-31 12:00 . 2002-12-31 12:00 39424 d:\windows\system32\dllcache\pngfilt.dll + 2002-12-31 12:00 . 2002-12-31 12:00 97792 d:\windows\system32\dllcache\occache.dll + 2002-12-31 12:00 . 2002-12-31 12:00 57344 d:\windows\system32\dllcache\mshtmler.dll + 2002-12-31 12:00 . 2002-12-31 12:00 29184 d:\windows\system32\dllcache\mshta.exe + 2002-12-31 12:00 . 2002-12-31 12:00 22016 d:\windows\system32\dllcache\licmgr10.dll + 2002-12-31 12:00 . 2002-12-31 12:00 15872 d:\windows\system32\dllcache\jsproxy.dll + 2002-12-31 12:00 . 2002-12-31 12:00 96768 d:\windows\system32\dllcache\inseng.dll + 2002-12-31 12:00 . 2002-12-31 12:00 35840 d:\windows\system32\dllcache\imgutil.dll + 2006-09-18 17:55 . 
2002-12-31 12:00 93184 d:\windows\system32\dllcache\iexplore.exe + 2002-12-31 12:00 . 2002-12-31 12:00 64000 d:\windows\system32\dllcache\iesetup.dll + 2002-12-31 12:00 . 2002-12-31 12:00 49152 d:\windows\system32\dllcache\iernonce.dll + 2002-12-31 12:00 . 2002-12-31 12:00 81920 d:\windows\system32\dllcache\ieencode.dll + 2006-09-18 17:55 . 2002-12-31 12:00 18432 d:\windows\system32\dllcache\iedw.exe + 2002-12-31 12:00 . 2002-12-31 12:00 34304 d:\windows\system32\dllcache\ie4uinit.exe + 2006-09-18 17:55 . 2002-12-31 12:00 38912 d:\windows\system32\dllcache\hmmapi.dll + 2002-12-31 12:00 . 2002-12-31 12:00 55808 d:\windows\system32\dllcache\extmgr.dll + 2006-09-18 17:56 . 2002-12-31 12:00 28672 d:\windows\system32\dllcache\custsat.dll + 2002-12-31 12:00 . 2002-12-31 12:00 35328 d:\windows\system32\dllcache\corpol.dll + 2002-12-31 12:00 . 2002-12-31 12:00 61440 d:\windows\system32\dllcache\admparse.dll + 2002-12-31 12:00 . 2002-12-31 12:00 35328 d:\windows\system32\corpol.dll + 2002-12-31 12:00 . 2002-12-31 12:00 61440 d:\windows\system32\admparse.dll + 2002-12-31 12:00 . 2002-12-31 12:00 662016 d:\windows\system32\wininet.dll + 2002-12-31 12:00 . 2002-12-31 12:00 281088 d:\windows\system32\webcheck.dll + 2002-12-31 12:00 . 2002-12-31 12:00 417792 d:\windows\system32\vbscript.dll + 2002-12-31 12:00 . 2002-12-31 12:00 603136 d:\windows\system32\urlmon.dll + 2002-12-31 12:00 . 2002-12-31 12:00 474112 d:\windows\system32\shlwapi.dll + 2002-12-31 12:00 . 2002-12-31 12:00 530432 d:\windows\system32\mstime.dll + 2002-12-31 12:00 . 2002-12-31 12:00 146432 d:\windows\system32\msrating.dll + 2002-12-31 12:00 . 2002-12-31 12:00 146432 d:\windows\system32\msls31.dll + 2002-12-31 12:00 . 2002-12-31 12:00 448512 d:\windows\system32\mshtmled.dll + 2002-12-31 12:00 . 2002-12-31 12:00 450560 d:\windows\system32\jscript.dll + 2009-04-27 20:58 . 2007-03-14 00:04 139264 d:\windows\system32\javaws.exe + 2009-04-27 20:58 . 
2007-03-13 22:31 135168 d:\windows\system32\javaw.exe + 2009-04-27 20:58 . 2007-03-13 22:31 135168 d:\windows\system32\java.exe + 2002-12-31 12:00 . 2002-12-31 12:00 249344 d:\windows\system32\iepeers.dll + 2002-12-31 12:00 . 2002-12-31 12:00 323584 d:\windows\system32\iedkcs32.dll + 2002-12-31 12:00 . 2002-12-31 12:00 237568 d:\windows\system32\ieakui.dll + 2002-12-31 12:00 . 2002-12-31 12:00 220672 d:\windows\system32\ieaksie.dll + 2002-12-31 12:00 . 2002-12-31 12:00 139264 d:\windows\system32\ieakeng.dll + 2002-12-31 12:00 . 2002-12-31 12:00 201728 d:\windows\system32\dxtrans.dll + 2002-12-31 12:00 . 2002-12-31 12:00 357888 d:\windows\system32\dxtmsft.dll + 2002-12-31 12:00 . 2002-12-31 12:00 662016 d:\windows\system32\dllcache\wininet.dll + 2002-12-31 12:00 . 2002-12-31 12:00 281088 d:\windows\system32\dllcache\webcheck.dll + 2006-09-18 17:56 . 2002-12-31 12:00 848384 d:\windows\system32\dllcache\vgx.dll + 2002-12-31 12:00 . 2002-12-31 12:00 417792 d:\windows\system32\dllcache\vbscript.dll + 2002-12-31 12:00 . 2002-12-31 12:00 603136 d:\windows\system32\dllcache\urlmon.dll + 2002-12-31 12:00 . 2002-12-31 12:00 474112 d:\windows\system32\dllcache\shlwapi.dll + 2002-12-31 12:00 . 2002-12-31 12:00 530432 d:\windows\system32\dllcache\mstime.dll + 2002-12-31 12:00 . 2002-12-31 12:00 146432 d:\windows\system32\dllcache\msrating.dll + 2002-12-31 12:00 . 2002-12-31 12:00 146432 d:\windows\system32\dllcache\msls31.dll + 2002-12-31 12:00 . 2002-12-31 12:00 448512 d:\windows\system32\dllcache\mshtmled.dll + 2002-12-31 12:00 . 2002-12-31 12:00 450560 d:\windows\system32\dllcache\jscript.dll + 2002-12-31 12:00 . 2002-12-31 12:00 249344 d:\windows\system32\dllcache\iepeers.dll + 2002-12-31 12:00 . 2002-12-31 12:00 323584 d:\windows\system32\dllcache\iedkcs32.dll + 2002-12-31 12:00 . 2002-12-31 12:00 237568 d:\windows\system32\dllcache\ieakui.dll + 2002-12-31 12:00 . 2002-12-31 12:00 220672 d:\windows\system32\dllcache\ieaksie.dll + 2002-12-31 12:00 . 
2002-12-31 12:00 139264 d:\windows\system32\dllcache\ieakeng.dll + 2002-12-31 12:00 . 2002-12-31 12:00 201728 d:\windows\system32\dllcache\dxtrans.dll + 2002-12-31 12:00 . 2002-12-31 12:00 357888 d:\windows\system32\dllcache\dxtmsft.dll + 2002-12-31 12:00 . 2002-12-31 12:00 102400 d:\windows\system32\dllcache\advpack.dll + 2002-12-31 12:00 . 2002-12-31 12:00 102400 d:\windows\system32\advpack.dll + 2002-12-31 12:00 . 2002-12-31 12:00 1483776 d:\windows\system32\shdocvw.dll + 2002-12-31 12:00 . 2002-12-31 12:00 3003392 d:\windows\system32\mshtml.dll + 2002-12-31 12:00 . 2002-12-31 12:00 1483776 d:\windows\system32\dllcache\shdocvw.dll + 2002-12-31 12:00 . 2002-12-31 12:00 3003392 d:\windows\system32\dllcache\mshtml.dll + 2002-12-31 12:00 . 2002-12-31 12:00 1016832 d:\windows\system32\dllcache\browseui.dll + 2002-12-31 12:00 . 2002-12-31 12:00 1016832 d:\windows\system32\browseui.dll . -- Snapshot auf jetziges Datum zurückgesetzt -- .(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] d:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Microsoft Office.lnk - d:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Streaming Server.lnk] path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Streaming Server.lnk backup=d:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\WINDOWS\\system32\\dpvsetup.exe"= "f:\\World of Warcraft\\BackgroundDownloader.exe"= "d:\\Programme\\Electronic Arts\\EADM\\Core.exe"= "d:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);d:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352] R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [02.08.2009 01:38 108289] R3 NeroCd2k;NeroCd2k;d:\windows\system32\drivers\NeroCD2k.sys [16.04.2001 12:54 44227] S3 MODRC;DiBcom Infrared Receiver;d:\windows\system32\drivers\modrc.sys [25.01.2009 20:23 13824] S3 TTCinergyT2;TerraTec Cinergy T² (BDA);d:\windows\system32\drivers\TTCinergyT2BDA.sys [19.05.2006 12:31 22528] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=2&q= FF - component: d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\FFExternalAlert.dll ---- FIREFOX Richtlinien ---- d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); d:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1); d:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); d:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); d:\programme\Mozilla 
Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); d:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", 
false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-07 00:25 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,1c,8d,af,0f,be, 5d,dd,f7,2e,e8,e1,00,eb,16,2b,de,f1,30,fb,48,4f,12,16,85,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,89,07,f7,a3,dc, b4,c1,17,46,47,15,b0,92,4b,c7,ef,cb,04,ae,2e,0a,35,30,51,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,32,47,bc,dd,d5, 9a,cf,ef,7a,45,05,fd,91,e8,6f,31,38,26,72,ae,35,c5,44,09,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,93,ac,35,2b,30, e6,d0,3d,6b,65,49,6a,7e,99,74,f7,a8,99,34,bb,63,4c,5f,27,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,3f,ae,44,21,5e, f5,41,6a,e9,02,6c,fa,fb,1d,47,57,21,8d,e6,38,00,83,5c,ed,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,05,3e,ef,fc, 
15,1e,34,50,93,e5,ab,ec,6a,4e,ab,32,6e,0a,2c,3b,7e,a7,ee,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,aa,d4,dd,aa,c0, 86,88,d6,97,20,4e,9a,c7,f1,35,ee,26,65,e4,d4,3c,d2,3d,9b,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,d1,c9,cf,25,da, ad,3c,b6,aa,52,c6,00,84,3c,26,64,8e,2b,b1,3e,44,b5,fe,14,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,d1,ca,bc,fa, b3,3c,df,b2,46,9a,e2,1b,fe,1b,94,54,a9,04,80,d1,9e,9c,90,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,47,bc,78,17,ba, 87,d2,70,37,a4,aa,c3,a6,15,56,0a,57,50,f3,eb,b4,a0,c5,79,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,77,ef,fd,f1,da, 2b,77,9f,f8,31,0f,a9,5f,a0,ec,fb,bc,c3,a0,d2,5a,d6,61,4c,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ac,a3,25,fa,3b, 
31,b6,22,05,73,21,dd,54,d8,4a,c5,10,24,29,fd,7f,83,d7,97,6c,43,2d,1e,aa,22,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(576) d:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(996) d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . d:\windows\system32\ati2evxx.exe d:\windows\system32\ati2evxx.exe d:\programme\Avira\AntiVir Desktop\avguard.exe d:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe d:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe d:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-08-06 0:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-06 22:29 ComboFix2.txt 2009-08-06 20:28 Vor Suchlauf: 3.282.501.632 Bytes frei Nach Suchlauf: 3.203.502.080 Bytes frei WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 686 |
07.08.2009, 00:22 | #26 |
| Worm.Win32.Pinit.gen ?? Sorry, my mistake, those were the Norton uninstall logs.
1.) Disable the Avira Guard.
2.) Pack the folder D:\qoobox with Zip or Rar, upload it to a file hoster (e.g. www.materialordner.de) and send me the link as a private message.
3.) Enable the Avira Guard.
4.) Scripting with Combofix
Code:
ATTFilter KILLALL:: RegNull:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] SecCenter:: {812BD8E4-FFA4-00DE-0D24-347CA8A3377C} {8132E054-FFA4-00DE-0D24-347CA8A3377C} {818AD3FC-FFA4-00DE-0D24-347CA8A3377C} {820624EC-FFA4-00EF-0D24-347CA8A3377C} {00000000-0000-0000-0000-000000000000} {00000246-FFA4-00DE-0D24-347CA8A3377C} {813067D4-FFA4-00DE-0D24-347CA8A3377C} {8130F56C-FFA4-00DE-0D24-347CA8A3377C} {8181F414-FFA4-00DE-0D24-347CA8A3377C} {8187FDDC-FFA4-00DE-0D24-347CA8A3377C} {818C4B64-FFA4-00DE-0D24-347CA8A3377C} {818C74A4-FFA4-00DE-0D24-347CA8A3377C} {818DCCA4-FFA4-00DE-0D24-347CA8A3377C} {818F445C-FFA4-00DE-0D24-347CA8A3377C} {818F6DDC-FFA4-00DE-0D24-347CA8A3377C} {8190987C-FFA4-00DE-0D24-347CA8A3377C} {8190E3C4-FFA4-00DE-0D24-347CA8A3377C} {8190F754-FFA4-00DE-0D24-347CA8A3377C} {81914DB4-FFA4-00DE-0D24-347CA8A3377C} {81916964-FFA4-00DE-0D24-347CA8A3377C} 
{819203FC-FFA4-00DE-0D24-347CA8A3377C} {81921C1C-FFA4-00DE-0D24-347CA8A3377C} {8193E7E4-FFA4-00DE-0D24-347CA8A3377C} {8194B054-FFA4-00DE-0D24-347CA8A3377C} {8194D89C-FFA4-00DE-0D24-347CA8A3377C} {81954B64-FFA4-00DE-0D24-347CA8A3377C} {8199255C-FFA4-00DE-0D24-347CA8A3377C} {819985BC-FFA4-00DE-0D24-347CA8A3377C} {819A69A4-FFA4-00DE-0D24-347CA8A3377C} {819A8DDC-FFA4-00DE-0D24-347CA8A3377C} {819AB53C-FFA4-00DE-0D24-347CA8A3377C} {819BC89C-FFA4-00DE-0D24-347CA8A3377C} {819C0CD4-FFA4-00DE-0D24-347CA8A3377C} {819C1C7C-FFA4-00DE-0D24-347CA8A3377C} {819E79A4-FFA4-00DE-0D24-347CA8A3377C} {819ED7E4-FFA4-00DE-0D24-347CA8A3377C} {81A16334-FFA4-00DE-0D24-347CA8A3377C} {81A3A5B4-FFA4-00DE-0D24-347CA8A3377C} {81ADF47C-FFA4-00DE-0D24-347CA8A3377C} {81B05324-FFA4-00DE-0D24-347CA8A3377C} {82070404-FFA4-00DE-0D24-347CA8A3377C} {82222C2C-FFA4-00DE-0D24-347CA8A3377C} {822AC89C-FFA4-00DE-0D24-347CA8A3377C} {82306ACC-FFA4-00DE-0D24-347CA8A3377C} {8235451C-FFA4-00DE-0D24-347CA8A3377C} {8237F89C-FFA4-00DE-0D24-347CA8A3377C} {8238189C-FFA4-00DE-0D24-347CA8A3377C} {8239D71C-FFA4-00DE-0D24-347CA8A3377C} {823AC6DC-FFA4-00DE-0D24-347CA8A3377C} {823C36DC-FFA4-00DE-0D24-347CA8A3377C} {823C872C-FFA4-00DE-0D24-347CA8A3377C} {823D7624-FFA4-00DE-0D24-347CA8A3377C} {823EFDDC-FFA4-00DE-0D24-347CA8A3377C} {82574DDC-FFA4-00DE-0D24-347CA8A3377C} {825A9A5C-FFA4-00DE-0D24-347CA8A3377C} {825E4DDC-FFA4-00DE-0D24-347CA8A3377C} {827ADDDC-FFA4-00DE-0D24-347CA8A3377C} {82A05ACC-FFA4-00DE-0D24-347CA8A3377C} {82A0A2D4-FFA4-00DE-0D24-347CA8A3377C} {82A55DDC-FFA4-00DE-0D24-347CA8A3377C} {82AAF41C-FFA4-00DE-0D24-347CA8A3377C} {82AB3634-FFA4-00DE-0D24-347CA8A3377C} {82AC72C4-FFA4-00DE-0D24-347CA8A3377C} {82ADF944-FFA4-00DE-0D24-347CA8A3377C} {82AEB98C-FFA4-00DE-0D24-347CA8A3377C} {82AFFC1C-FFA4-00DE-0D24-347CA8A3377C} {82B2C894-FFA4-00DE-0D24-347CA8A3377C} {82B4489C-FFA4-00DE-0D24-347CA8A3377C} {82B46C34-FFA4-00DE-0D24-347CA8A3377C} {82B5D054-FFA4-00DE-0D24-347CA8A3377C} {82B5DDDC-FFA4-00DE-0D24-347CA8A3377C} 
{82B5F874-FFA4-00DE-0D24-347CA8A3377C} {82B72754-FFA4-00DE-0D24-347CA8A3377C} {82B807E4-FFA4-00DE-0D24-347CA8A3377C} {82B8141C-FFA4-00DE-0D24-347CA8A3377C} {82B87054-FFA4-00DE-0D24-347CA8A3377C} {82BB089C-FFA4-00DE-0D24-347CA8A3377C} {82BC5304-FFA4-00DE-0D24-347CA8A3377C} {82BC9A5C-FFA4-00DE-0D24-347CA8A3377C} {82BC9BF4-FFA4-00DE-0D24-347CA8A3377C} {82BCB384-FFA4-00DE-0D24-347CA8A3377C} {82BCB46C-FFA4-00DE-0D24-347CA8A3377C} {82BCEDDC-FFA4-00DE-0D24-347CA8A3377C} {82BD3C24-FFA4-00DE-0D24-347CA8A3377C} {82BD9584-FFA4-00DE-0D24-347CA8A3377C} {82BE051C-FFA4-00DE-0D24-347CA8A3377C} {82BE5964-FFA4-00DE-0D24-347CA8A3377C} {82BE872C-FFA4-00DE-0D24-347CA8A3377C} {82BF4304-FFA4-00DE-0D24-347CA8A3377C} {82BF5764-FFA4-00DE-0D24-347CA8A3377C} {82BF5DDC-FFA4-00DE-0D24-347CA8A3377C} {82BFEDDC-FFA4-00DE-0D24-347CA8A3377C} {82C04874-FFA4-00DE-0D24-347CA8A3377C} {82C0751C-FFA4-00DE-0D24-347CA8A3377C} {82C08C1C-FFA4-00DE-0D24-347CA8A3377C} {82C0BC1C-FFA4-00DE-0D24-347CA8A3377C} {82C0F35C-FFA4-00DE-0D24-347CA8A3377C} {82C1232C-FFA4-00DE-0D24-347CA8A3377C} {82C123CC-FFA4-00DE-0D24-347CA8A3377C} {82C14A5C-FFA4-00DE-0D24-347CA8A3377C} {82C15054-FFA4-00DE-0D24-347CA8A3377C} {82C1E374-FFA4-00DE-0D24-347CA8A3377C} {82C213E4-FFA4-00DE-0D24-347CA8A3377C} {82C218EC-FFA4-00DE-0D24-347CA8A3377C} {82C24914-FFA4-00DE-0D24-347CA8A3377C} {82C25354-FFA4-00DE-0D24-347CA8A3377C} {82C2E3EC-FFA4-00DE-0D24-347CA8A3377C} {82C2F8C4-FFA4-00DE-0D24-347CA8A3377C} {82C33DDC-FFA4-00DE-0D24-347CA8A3377C} {82C3A8CC-FFA4-00DE-0D24-347CA8A3377C} {82C3ABA4-FFA4-00DE-0D24-347CA8A3377C} {82C3D89C-FFA4-00DE-0D24-347CA8A3377C} {82C3EB5C-FFA4-00DE-0D24-347CA8A3377C} {82C42DDC-FFA4-00DE-0D24-347CA8A3377C} {82C4E2DC-FFA4-00DE-0D24-347CA8A3377C} {82C50394-FFA4-00DE-0D24-347CA8A3377C} {82C51B5C-FFA4-00DE-0D24-347CA8A3377C} {82C5760C-FFA4-00DE-0D24-347CA8A3377C} {82C5C8EC-FFA4-00DE-0D24-347CA8A3377C} {82C5D2BC-FFA4-00DE-0D24-347CA8A3377C} {82C623D4-FFA4-00DE-0D24-347CA8A3377C} {82C6289C-FFA4-00DE-0D24-347CA8A3377C} 
{82C6B72C-FFA4-00DE-0D24-347CA8A3377C} {82C6CA5C-FFA4-00DE-0D24-347CA8A3377C} {82C6CC1C-FFA4-00DE-0D24-347CA8A3377C} Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b988fb1a-0b62-11de-9163-000c6ec548aa}] Rootkit:: d:\windows\system32\xa.tmp d:\windows\system32\actskn45d.exe Files:: D:\WINDOWS\tasks\AppleSoftwareUpdate.job D:\WINDOWS\tasks\Google Software Updater.job D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job D:\WINDOWS\tasks\Norton Security Scan for Rena.job D:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system. ciao, andreas
__________________ No support via PM! This is a forum, not private support! For all newcomers. Private support only for payment, and I am very expensive. Guides Virus scanners Compromise unavoidable? |
07.08.2009, 10:25 | #27 |
| Worm.Win32.Pinit.gen ??Code:
ComboFix 09-08-06.01 - Rena 07.08.2009 11:08.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.767.512 [GMT 2:00]
ausgeführt von:: d:\dokumente und einstellungen\Rena\Desktop\cofi.exe
Benutzte Befehlsschalter :: d:\dokumente und einstellungen\Rena\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
|
07.08.2009, 10:26 | #28 |
| Worm.Win32.Pinit.gen ??Code:
.
((((((((((((((((((((((( Dateien erstellt von 2009-07-07 bis 2009-08-07 ))))))))))))))))))))))))))))))
.
2009-08-07 08:29 . 2009-08-07 08:30 901367 ----a-w- D:\Qoobox.zip
2009-08-07 08:16 . 2009-08-07 08:16 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip
2009-08-06 21:58 . 2009-08-06 21:58 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-08-05 09:51 . 2009-08-05 09:51 -------- d-----w- d:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
2009-08-02 09:57 . 2009-08-02 09:57 -------- d-s---w- d:\windows\Downloaded Program Files
2009-08-02 01:06 . 2009-08-02 01:06 -------- d-----w- d:\programme\Trend Micro
2009-08-02 00:41 . 2009-08-02 00:41 109 --sha-w- d:\windows\system32\3571252021.dat
2009-08-02 00:41 . 2009-08-02 00:41 43008 --sh--r- d:\windows\system32\actskn45d.exe
2009-08-01 23:38 . 2009-03-30 08:33 96104 ----a-w- d:\windows\system32\drivers\avipbb.sys
2009-08-01 23:38 . 2009-03-24 14:08 55640 ----a-w- d:\windows\system32\drivers\avgntflt.sys
2009-08-01 23:38 . 2009-02-13 10:29 22360 ----a-w- d:\windows\system32\drivers\avgntmgr.sys
2009-08-01 23:38 . 2009-02-13 10:17 45416 ----a-w- d:\windows\system32\drivers\avgntdd.sys
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\programme\Avira
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-07-22 05:39 . 2009-07-16 12:12 52224 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\FFExternalAlert.dll
2009-07-22 05:39 . 
2009-07-16 12:12 114688 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\npmozax.dll 2009-07-18 20:03 . 2009-08-01 07:03 -------- d-----w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\Temp 2009-07-16 10:47 . 2009-07-16 10:47 31088 ----a-w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Lokale Einstellungen\Anwendungsdaten\ATI 2009-07-16 10:47 . 2009-07-16 10:47 -------- d-----w- d:\dokumente und einstellungen\Darius Daddelhein\Anwendungsdaten\ATI 2009-07-11 20:07 . 2009-08-01 21:19 -------- d-----w- d:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\MediaMonkey . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-06 22:03 . 2007-04-24 10:26 -------- d-----w- d:\programme\Google 2009-08-06 21:42 . 2007-01-22 17:11 -------- d-----w- d:\programme\Java 2009-08-06 21:35 . 2008-07-01 13:57 -------- d-----w- d:\programme\AutostartAdministrator 2009-08-06 21:33 . 2006-09-18 18:34 -------- d-----w- d:\programme\VideoLAN 2009-08-06 21:25 . 2006-09-18 18:29 -------- d-----w- d:\programme\Gemeinsame Dateien\Adobe 2009-08-06 20:25 . 2006-09-18 19:01 31088 -c--a-w- d:\dokumente und einstellungen\Rena\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2009-08-03 20:32 . 2002-12-31 12:00 70580 ----a-w- d:\windows\system32\perfc007.dat 2009-08-03 20:32 . 2002-12-31 12:00 405118 ----a-w- d:\windows\system32\perfh007.dat 2009-08-01 23:04 . 2009-08-01 23:04 1198496 ----a-w- d:\windows\system32\xa.tmp 2009-07-24 00:59 . 2008-12-05 23:49 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss 2009-07-07 16:20 . 
2009-07-07 16:20 -------- d-----w- d:\dokumente und einstellungen\All Users\Anwendungsdaten\Electronic Arts 2009-07-07 16:04 . 2009-07-07 16:04 -------- d-----w- d:\programme\Electronic Arts 2009-07-07 13:17 . 2009-07-07 13:16 -------- d-----w- d:\programme\MediaMonkey 2009-07-03 18:43 . 2008-01-02 00:34 -------- d-----w- d:\programme\DivX 2009-07-03 18:41 . 2009-07-03 18:41 -------- d-----w- d:\programme\Gemeinsame Dateien\DivX Shared 2009-06-24 20:19 . 2009-06-24 20:19 -------- d-----w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\Samsung 2009-06-24 20:17 . 2009-06-24 20:03 5632 ----a-w- d:\windows\system32\drivers\StarOpen.sys 2009-06-24 20:04 . 2009-06-24 20:04 -------- d-----w- d:\programme\DIFX 2009-06-24 20:03 . 2009-06-24 20:03 -------- d-----w- d:\programme\Samsung 2009-06-24 20:03 . 2006-09-18 18:58 -------- d--h--w- d:\programme\InstallShield Installation Information 2009-06-24 13:32 . 2008-11-08 14:40 -------- d-----w- d:\programme\iPod 2009-06-24 13:25 . 2008-07-12 13:02 -------- d-----w- d:\programme\mozilla.org 2009-06-24 13:23 . 2008-05-31 11:06 -------- d-----w- d:\programme\Sun 2009-06-24 11:45 . 2007-01-06 11:27 -------- d-----w- d:\programme\CCleaner 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- d:\programme\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- d:\programme\mozilla firefox\plugins\ssldivx.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- d:\windows\system32\drivers\StarOpen.sys --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 5632 Created time: 2009-06-24 20:03 Modified time: 2009-06-24 20:17 MD5: 306521935042FC0A6988D528643619B3 SHA1: 3388FD72AFC73C408A5D5FFBD31FCA4C402A0589 ---- Directory of d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss ---- 2009-07-24 00:59 . 
2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\00002b5cf5 2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\00002b5cbb 2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\000000cb04 2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\000000c9ae 2009-07-24 00:59 . 2009-07-24 00:59 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\MONSIEUR_IBRAHIM-2004081215250200-003378011d\0000000131 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00003a368b 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\0000397079 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000038df70 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\0000339dd9 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000030ad45 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000030ad02 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00002b6b4f 2009-07-09 23:20 . 
2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\00002b6b10 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000e2f2 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000e123 2009-07-09 23:20 . 2009-07-09 23:20 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\HEAD_IN_THE_CLOUDS-2005041517434700-0020c3bd49\000000013c 2008-12-06 01:17 . 2009-07-24 00:59 199 -c--a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\CACHEDIR.TAG 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\000026407b 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\000000076f 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\00000001f0 2008-12-05 23:49 . 2008-12-05 23:49 16 ----a-w- d:\dokumente und einstellungen\Rena\Anwendungsdaten\dvdcss\GREAT_EXPECTATIONS-2001100520380000-0000000026\0000000120 |
07.08.2009, 10:27 | #29 |
| Worm.Win32.Pinit.gen ?? Code:
ATTFilter ------- Sigcheck ------- [-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\dllcache\tcpip.sys [-] 2002-12-31 12:00 359040 1745B00FC1141404B28F4B94F69A8871 d:\windows\system32\drivers\tcpip.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="d:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] d:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Microsoft Office.lnk - d:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKLM\~\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Streaming Server.lnk] path=d:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Pinnacle Streaming Server.lnk backup=d:\windows\pss\Pinnacle Streaming Server.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "mnmsrvc"=3 (0x3) "helpsvc"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\WINDOWS\\system32\\dpvsetup.exe"= "f:\\World of Warcraft\\BackgroundDownloader.exe"= "d:\\Programme\\Electronic Arts\\EADM\\Core.exe"= "d:\\Programme\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);d:\windows\system32\drivers\sfdrv01a.sys [05.07.2006 14:46 63352] R2 AntiVirSchedulerService;Avira AntiVir Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [02.08.2009 01:38 108289] R3 NeroCd2k;NeroCd2k;d:\windows\system32\drivers\NeroCD2k.sys [16.04.2001 12:54 44227] S3 MODRC;DiBcom Infrared 
Receiver;d:\windows\system32\drivers\modrc.sys [25.01.2009 20:23 13824] S3 TTCinergyT2;TerraTec Cinergy T² (BDA);d:\windows\system32\drivers\TTCinergyT2BDA.sys [19.05.2006 12:31 22528] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 . . ------- Zusätzlicher Suchlauf ------- . uStart Page = IE: Nach Microsoft &Excel exportieren - d:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1606659&SearchSource=2&q= FF - component: d:\dokumente und einstellungen\Rena\Anwendungsdaten\Mozilla\Firefox\Profiles\2a14pfvb.default\extensions\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\components\FFExternalAlert.dll ---- FIREFOX Richtlinien ---- d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); d:\programme\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); d:\programme\Mozilla 
Firefox\greprefs\all.js - pref("layout.css.dpi", -1); d:\programme\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); d:\programme\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); d:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); d:\programme\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); d:\programme\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true); d:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); d:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); d:\programme\Mozilla 
Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); d:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-07 11:15 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... 
Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,1c,8d,af,0f,be, 5d,dd,f7,2e,e8,e1,00,eb,16,2b,de,f1,30,fb,48,4f,12,16,85,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,89,07,f7,a3,dc, b4,c1,17,46,47,15,b0,92,4b,c7,ef,cb,04,ae,2e,0a,35,30,51,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,32,47,bc,dd,d5, 9a,cf,ef,7a,45,05,fd,91,e8,6f,31,38,26,72,ae,35,c5,44,09,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,93,ac,35,2b,30, e6,d0,3d,6b,65,49,6a,7e,99,74,f7,a8,99,34,bb,63,4c,5f,27,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,3f,ae,44,21,5e, f5,41,6a,e9,02,6c,fa,fb,1d,47,57,21,8d,e6,38,00,83,5c,ed,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" 
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,05,3e,ef,fc, 15,1e,34,50,93,e5,ab,ec,6a,4e,ab,32,6e,0a,2c,3b,7e,a7,ee,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,aa,d4,dd,aa,c0, 86,88,d6,97,20,4e,9a,c7,f1,35,ee,26,65,e4,d4,3c,d2,3d,9b,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,d1,c9,cf,25,da, ad,3c,b6,aa,52,c6,00,84,3c,26,64,8e,2b,b1,3e,44,b5,fe,14,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,d1,ca,bc,fa, b3,3c,df,b2,46,9a,e2,1b,fe,1b,94,54,a9,04,80,d1,9e,9c,90,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,47,bc,78,17,ba, 87,d2,70,37,a4,aa,c3,a6,15,56,0a,57,50,f3,eb,b4,a0,c5,79,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,77,ef,fd,f1,da, 2b,77,9f,f8,31,0f,a9,5f,a0,ec,fb,bc,c3,a0,d2,5a,d6,61,4c,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="d:\\WINDOWS\\system32\\OLE32.DLL" 
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,ac,a3,25,fa,3b, 31,b6,22,05,73,21,dd,54,d8,4a,c5,10,24,29,fd,7f,83,d7,97,6c,43,2d,1e,aa,22,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(576) d:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3952) d:\windows\system32\WPDShServiceObj.dll d:\windows\system32\PortableDeviceTypes.dll d:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . d:\windows\system32\ati2evxx.exe d:\windows\system32\ati2evxx.exe d:\programme\Avira\AntiVir Desktop\avguard.exe d:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe d:\programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe d:\programme\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Zeit der Fertigstellung: 2009-08-07 11:19 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2009-08-07 09:19 ComboFix2.txt 2009-08-06 22:29 ComboFix3.txt 2009-08-06 20:28 Vor Suchlauf: 3.196.260.352 Bytes frei Nach Suchlauf: 3.154.190.336 Bytes frei 568 |
07.08.2009, 16:04 | #30 |
| Worm.Win32.Pinit.gen ?? You used the wrong script the second time. Download the attachment to your desktop and then drag it onto the ComboFix icon. This is the longest script I have ever created. The log will be very large; you can also upload it to a file hoster and post the link here. Unfortunately, the file you sent me could not be unpacked.
1.) Download http://filepony.de/download-winrar/
2.) Install WinRAR.
3.) Disable the Avira guard.
4.) Start Windows Explorer, navigate to D:\qoobox, right-click the folder => Add to "qoobox.rar" => upload the archive to a file hoster and send me the link by PM.
5.) Enable the Avira guard.
ciao, andreas
__________________ No support by PM! This is a forum, not private support! For all newcomers. Private support only in return for payment, and I am very expensive. Guides. Virus scanners. Compromise unavoidable? |