Trojandownloader versteckt mir rootkit?

Benni · 25.04.2007, 16:01

Logfile of HijackThis v1.99.1
Scan saved at 16:58:04, on 25.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
E:\SSS\SimpleScreenshot.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Hijack\checkit.com.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
O2 - BHO: (no name) - {D9B6F0B5-ABF5-4AE4-A68E-14BAAC01735A} - C:\WINDOWS\system32\jkkhe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176546485086
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkhe - C:\WINDOWS\system32\jkkhe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Benni · 25.04.2007, 16:47

So, lasse gerade F-Secure laufen. Poste dann gleich den Lofile.
Gruß Benni

Benni · 25.04.2007, 16:50

04/25/07 17:45:51 [Info]: BlackLight Engine 1.0.61 initialized
04/25/07 17:45:51 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/25/07 17:45:51 [Note]: 7019 4
04/25/07 17:45:51 [Note]: 7005 0
04/25/07 17:46:03 [Note]: 7006 0
04/25/07 17:46:03 [Note]: 7011 1636
04/25/07 17:46:03 [Note]: 7026 0
04/25/07 17:46:04 [Note]: 7026 0
04/25/07 17:46:10 [Note]: FSRAW library version 1.7.1021
04/25/07 17:49:15 [Note]: 2000 1012
04/25/07 17:49:58 [Note]: 7007 0

Benni · 25.04.2007, 17:27

so was soll ich jetzt machen?

**Sunny** · 25.04.2007, 17:30

Zitat:

Zitat von Benni

so was soll ich jetzt machen?

Arbeiten mit MWAV (eScan)

* Lies dir folgende Anleitung genau durch und arbeite sie ab:
-> Anleitung eScan
* Wichtig: Poste im Anschluss das Ergebnis mit Hilfe der “find.bat”.
(steht alles ganz genau in der Anleitung.)

Steht weiter unten die Anleitung!

Benni · 25.04.2007, 19:12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.04.20.01
Installationssprache Englisch
find.bat im normalen Modus ausgefuehrt

Microsoft Windows XP [Version 5.1.2600]
Version REG_SZ 9.1.9
Wed Apr 25 08:50:57 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 08:58:15 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 09:00:36 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 09:02:52 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 09:02:57 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 09:03:03 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 17:55:15 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 18:03:24 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 18:07:31 2007 => Virus Database Date: 4/23/2007
Wed Apr 25 19:31:29 2007 => Virus Database Date: 4/23/2007
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Apr 25 08:54:01 2007 => Object "wareout Adware" found in File System! Action Taken: Entries Removed.
~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
Wed Apr 25 09:06:12 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC00002\4EECFB64.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: File Deleted.
Wed Apr 25 09:06:14 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC80003\4FECFD0B.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: File Deleted.
Wed Apr 25 09:06:16 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD40002\4FFDE723.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: File Deleted.
Wed Apr 25 09:06:17 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000\4FFCD711.VBN//CryptZ infected by "Trojan-Spy.Win32.VBStat.h" Virus! Action Taken: File Deleted.
Wed Apr 25 09:06:19 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700002\4F7EE86C.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: File Deleted.
Wed Apr 25 09:06:22 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002\4FFE522E.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: File Deleted.
Wed Apr 25 19:42:06 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40001\4EEF6656.VBN//CryptZ infected by "Trojan-Spy.Win32.VBStat.h" Virus! Action Taken: No Action Taken.
Wed Apr 25 19:42:07 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40003.VBN//CryptZ infected by "Trojan.Win32.BHO.g" Virus! Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Wed Apr 25 09:06:11 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC00000.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:12 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC00001.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: File Deleted.
Wed Apr 25 09:06:13 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC00003\4EECFB7E.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:13 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: File Deleted.
Wed Apr 25 09:06:14 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC80001.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:14 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC80002\4FECFCF3.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:15 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD40000\4FFDE6E3.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: File Deleted.
Wed Apr 25 09:06:15 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD40001\4FFDE701.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:16 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BD40003\4FFDE75D.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:17 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40001\4FFCD75D.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:18 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700000\4F7EE834.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: File Deleted.
Wed Apr 25 09:06:18 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700001\4F7EE851.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:19 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D700003\4F7EE8B1.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:21 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4FFE5200.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 09:06:21 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001\4FFE5219.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: File Deleted.
Wed Apr 25 09:06:22 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0003\4FFE5244.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: File Deleted.
Wed Apr 25 19:42:06 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40000\4EEF65ED.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.ir". Action Taken: No Action Taken.
Wed Apr 25 19:42:06 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40002.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: No Action Taken.
Wed Apr 25 19:42:07 2007 => File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40004.VBN//CryptZ tagged as "not-a-virus:AdWare.Win32.Virtumonde.hb". Action Taken: No Action Taken.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Wed Apr 25 08:54:01 2007 => Offending Folder found: C:\Documents and Settings\All Users\Application Data\cyberlink\powerdvd\ipower\images\hd
~~~~~~~~~~~
Registry
~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
Wed Apr 25 19:41:47 2007 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip: Scanning Failure!!!
Wed Apr 25 19:41:47 2007 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip: Scanning Failure!!!
Wed Apr 25 19:41:47 2007 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip: Scanning Failure!!!
Wed Apr 25 19:41:47 2007 => Result: ERROR!!! File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar3.zip: Scanning Failure!!!
Wed Apr 25 19:58:40 2007 => Result: ERROR!!! File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI: Scanning Failure!!!
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath REG_EXPAND_SZ %SystemRoot%\System32\drivers\etc
C:\WINDOWS\system32\drivers\etc\hosts:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Apr 25 08:58:15 2007 => Total Critical Objects: 1
Wed Apr 25 09:02:52 2007 => Total Critical Objects: 0
Wed Apr 25 09:02:57 2007 => Total Critical Objects: 0
Wed Apr 25 18:03:24 2007 => Total Critical Objects: 0
Wed Apr 25 08:58:15 2007 => Total Disinfected Objects: 0
Wed Apr 25 09:02:52 2007 => Total Disinfected Objects: 0
Wed Apr 25 09:02:57 2007 => Total Disinfected Objects: 0
Wed Apr 25 18:03:24 2007 => Total Disinfected Objects: 0
Wed Apr 25 08:58:15 2007 => Total Objects Renamed: 0
Wed Apr 25 09:02:52 2007 => Total Objects Renamed: 0
Wed Apr 25 09:02:57 2007 => Total Objects Renamed: 0
Wed Apr 25 18:03:24 2007 => Total Objects Renamed: 0
Wed Apr 25 08:58:15 2007 => Total Deleted Objects: 31
Wed Apr 25 09:02:52 2007 => Total Deleted Objects: 0
Wed Apr 25 09:02:57 2007 => Total Deleted Objects: 0
Wed Apr 25 18:03:24 2007 => Total Deleted Objects: 0
Wed Apr 25 08:58:15 2007 => Total Errors: 33
Wed Apr 25 09:02:52 2007 => Total Errors: 0
Wed Apr 25 09:02:57 2007 => Total Errors: 0
Wed Apr 25 18:03:24 2007 => Total Errors: 0
Wed Apr 25 08:58:15 2007 => Time Elapsed: 00:05:47
Wed Apr 25 09:02:52 2007 => Time Elapsed: 00:00:38
Wed Apr 25 09:02:57 2007 => Time Elapsed: 00:00:38
Wed Apr 25 18:03:24 2007 => Time Elapsed: 00:05:41
Wed Apr 25 08:58:15 2007 => Total Objects Scanned: 25687
Wed Apr 25 09:02:52 2007 => Total Objects Scanned: 4483
Wed Apr 25 09:02:57 2007 => Total Objects Scanned: 0
Wed Apr 25 18:03:24 2007 => Total Objects Scanned: 25511
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Wed Apr 25 08:52:29 2007 => Memory Check: Enabled
Wed Apr 25 09:02:15 2007 => Memory Check: Enabled
Wed Apr 25 09:02:56 2007 => Memory Check: Enabled
Wed Apr 25 09:04:06 2007 => Memory Check: Enabled
Wed Apr 25 17:57:44 2007 => Memory Check: Enabled
Wed Apr 25 19:38:04 2007 => Memory Check: Enabled
Wed Apr 25 08:52:29 2007 => Registry Check: Enabled
Wed Apr 25 09:02:15 2007 => Registry Check: Enabled
Wed Apr 25 09:02:56 2007 => Registry Check: Enabled
Wed Apr 25 09:04:06 2007 => Registry Check: Enabled
Wed Apr 25 17:57:44 2007 => Registry Check: Enabled
Wed Apr 25 19:38:04 2007 => Registry Check: Enabled
Wed Apr 25 08:52:29 2007 => System Folder Check: Enabled
Wed Apr 25 09:02:15 2007 => System Folder Check: Enabled
Wed Apr 25 09:02:56 2007 => System Folder Check: Enabled
Wed Apr 25 09:04:06 2007 => System Folder Check: Enabled
Wed Apr 25 17:57:44 2007 => System Folder Check: Enabled
Wed Apr 25 19:38:04 2007 => System Folder Check: Enabled
Wed Apr 25 08:52:29 2007 => System Area Check: Disabled
Wed Apr 25 09:02:15 2007 => System Area Check: Disabled
Wed Apr 25 09:02:56 2007 => System Area Check: Disabled
Wed Apr 25 09:04:06 2007 => System Area Check: Disabled
Wed Apr 25 17:57:44 2007 => System Area Check: Disabled
Wed Apr 25 19:38:04 2007 => System Area Check: Disabled
Wed Apr 25 08:52:29 2007 => Services Check: Enabled
Wed Apr 25 09:02:15 2007 => Services Check: Enabled
Wed Apr 25 09:02:56 2007 => Services Check: Enabled
Wed Apr 25 09:04:06 2007 => Services Check: Enabled
Wed Apr 25 17:57:44 2007 => Services Check: Enabled
Wed Apr 25 19:38:05 2007 => Services Check: Enabled
Wed Apr 25 08:52:29 2007 => Drive Check Option Disabled
Wed Apr 25 09:02:15 2007 => Drive Check: Disabled
Wed Apr 25 09:02:15 2007 => All Drive Check :Enabled
Wed Apr 25 09:02:56 2007 => Drive Check: Disabled
Wed Apr 25 09:02:56 2007 => All Drive Check :Enabled
Wed Apr 25 09:04:06 2007 => Drive Check: Disabled
Wed Apr 25 09:04:06 2007 => All Drive Check :Enabled
Wed Apr 25 17:57:44 2007 => Drive Check Option Disabled
Wed Apr 25 19:38:05 2007 => Drive Check: Disabled
Wed Apr 25 19:38:05 2007 => All Drive Check :Enabled
Wed Apr 25 09:02:15 2007 => All Drive Check :Enabled
Wed Apr 25 09:02:56 2007 => All Drive Check :Enabled
Wed Apr 25 09:04:06 2007 => All Drive Check :Enabled
Wed Apr 25 19:38:05 2007 => All Drive Check :Enabled

Benni · 25.04.2007, 19:20

sorry, der war noch garnicht fertig mit scannen.
Es kommt gleich nochmal einer.
Gruß Benni

Trojandownloader versteckt mir rootkit?

Plagegeister aller Art und deren Bekämpfung: Trojandownloader versteckt mir rootkit?

Trojanerdownloader versteckt mit rootkit?