Bitte um Auswertung

Oliveroderwas · 17.12.2007, 21:26

Hi liebe Community,

nach einer Lan mit ein paar Freunden, wurde bei einem Freund ein Virus festgestellt jedoch kam bei mir keine Meldung das etwas geblockt wurde. Jetzt bin ich ein bisschen unsicher ob ich mir da was eingefangen habe.
Wäre sehr nett wenn ihr mal kurz drüber guckt.

Mfg Oliver

Logfile of HijackThis v1.99.1

[edit]
bitte editiere zukünftig deine links, wie es dir u.a. hier angezeigt wird:
http://www.trojaner-board.de/22771-a...tml#post171958

danke
GUA

[/edit]

Oliveroderwas · 17.12.2007, 22:14

Noch folgende Infos:
Ich habe Vista Home Premium denke auch auf dem neusten Stand.
Norton Anti Virus.

Oliveroderwas · 18.12.2007, 13:12

So hier die neue Log:

Logfile of HijackThis v1.99.1
Scan saved at 21:19:11, on 17.12.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Benutzer\AppData\Local\Temp\Rar$EX00.562\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - h**p://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - h**p://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

11Boy11 · 18.12.2007, 16:58

Hallo,

bitte folgendes abarbeiten:

1) - eScan auführen & Bericht Posten

2) - Combofix ausführen & Bericht Posten

Oliveroderwas · 18.12.2007, 17:26

Hi und danke erstmal für die Hilfe
Edit:Hat sich geklärt.

Oliveroderwas · 18.12.2007, 19:15

So hier schon mal der Escan
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01

Microsoft Windows [Version 6.0.6000]
Bootmodus: NETWORK

eScan Version: 9.6.2
Sprache: German
Virus-Datenbank Datum: 12/18/2007

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Object "smitfraud Browser Hijacker" in Dateisystem gefunden! Folgende Maßnahme wurde durchgeführt: Keine Aktion vorgenommen.
System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: Keine Aktion vorgenommen.
System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: Keine Aktion vorgenommen.
System found infected with freespyscannerandremover Corrupted Adware/Spyware (symlcsv1.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with whenu.savenow Spyware/Adware (war3_install.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with whenu.savenow Spyware/Adware (cmdlineext02.dll)! Action taken: Keine Aktion vorgenommen.
System found infected with lop.com Spyware/Adware (1111.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with freespyscannerandremover Corrupted Adware/Spyware (symlcsv1.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with whenu.savenow Spyware/Adware (war3_install.exe)! Action taken: Keine Aktion vorgenommen.
System found infected with hotbar Spyware/Adware (games.lnk)! Action taken: Keine Aktion vorgenommen.
System found infected with hotbar Spyware/Adware (games.lnk)! Action taken: Keine Aktion vorgenommen.

~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
Datei C:\Program Files\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe markiert als not-a-virus:RemoteAdmin.Win32.NetCat. Keine Aktion vorgenommen.
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
Offending file found: C:\Users\XXX~1\AppData\Local\Temp\cmdlineext02.dll
Offending file found: C:\Users\XXX\AppData\Local\Temp\symlcsv1.exe
Offending file found: C:\Users\XXX~1\AppData\Local\Temp\war3_install.exe
Offending file found: C:\Users\XXX\AppData\Local\temp\cmdlineext02.dll
Offending file found: C:\Users\XXX\AppData\Local\temp\patcher\patcher4936\stagingarea\1111.exe
Offending file found: C:\Users\XXX\AppData\Local\temp\symlcsv1.exe
Offending file found: C:\Users\XXX \AppData\Local\temp\war3_install.exe
Offending file found: C:\Users\XXX \AppData\Roaming\microsoft\windows\recent\games.lnk
Offending file found: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Recent\games.lnk
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
Offending Folder found: C:\Users\XXX\AppData\Roaming\icq\bart\1024
~~~~~~~~~~~
Registry
~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
C:\Program Files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportLocalized.dll nicht gescannt. Wahrscheinlich durch Passwort geschützt...
C:\ProgramData\Apple Computer\Installer Cache\iTunes 7.5.0.20\QuickTime.msi nicht gescannt. Wahrscheinlich durch Passwort geschützt...
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts :
C:\Windows\System32\drivers\etc\hosts :::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Gescannte Dateien: 153728
Gefundene Viren: 12
Anzahl der desinfizierten Dateien: 0
Umbenannte Dateien: 0
Anzahl der gelöschten Dateien: 0
Anzahl Fehler: 94
Dauer des Scans bisher: 01:27:26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Specherüberprüfung: Aktiviert
Registry Überprüfung: Aktiviert
System-Ordner Überprüfung: Aktiviert
Überprüfung der Systembereiche: Deaktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Festplatten: Deaktiviert
Überprüfung aller Festplatten :Aktiviert

Batchstart: 19:09:19,53
Batchende: 19:09:44,22

Oliveroderwas · 18.12.2007, 19:30

Hier noch der Combofix:
ComboFix 07-12-18.1 - Vorname Nachname 2007-12-18 19:19:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1339 [GMT 1:00]
ausgeführt von:: C:\Users\XXX\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((( Dateien erstellt von 2007-11-18 bis 2007-12-18 ))))))))))))))))))))))))))))))
.

2007-12-18 19:08 . 2007-12-18 19:08 26 --a------ C:\23990098.$$$
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\zts2.exe
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\System32\vcmgcd32.dll
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\System32\iifgfgf.dll
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\rundll16.exe
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\rundl132.dll
2007-12-18 17:45 . 2007-12-18 17:45 <DIR> d-a------ C:\Windows\logo1_.exe
2007-12-18 17:19 . 2007-12-18 17:39 50 --a------ C:\Windows\Lic.xxx
2007-12-15 23:08 . 2007-12-17 18:36 <DIR> d-------- C:\Downloads
2007-12-15 22:42 . 2007-12-17 14:12 <DIR> d-------- C:\Program Files\CryptLoad_1.0.4
2007-12-13 22:10 . 2007-12-13 22:10 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-13 22:10 . 2007-12-13 22:10 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-13 22:10 . 2007-12-13 22:10 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-13 22:10 . 2007-12-13 22:10 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-13 22:08 . 2007-12-13 22:08 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-13 22:08 . 2007-12-13 22:08 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-13 22:07 . 2007-12-13 22:07 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-13 17:05 . 2007-12-13 17:06 <DIR> d-------- C:\Program Files\Project64 1.6
2007-12-11 20:51 . 2007-12-11 21:15 <DIR> d-------- C:\Users\XXX\AppData\Roaming\Ventrilo
2007-12-11 20:48 . 2007-12-11 20:48 <DIR> d-------- C:\Program Files\Ventrilo
2007-12-09 14:22 . 2007-12-09 14:22 <DIR> d-------- C:\Users\XXX\.gwteambuilder
2007-12-09 14:21 . 2007-12-09 14:21 <DIR> d-------- C:\Program Files\GW Team Builder
2007-12-07 18:45 . 2007-12-07 18:45 <DIR> d-------- C:\UbiSoft
2007-12-07 18:41 . 2007-12-07 18:41 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-12-07 18:37 . 2007-12-07 18:37 685,816 --a------ C:\Windows\System32\drivers\sptd.sys
2007-12-06 16:47 . 2007-12-06 16:47 0 --a------ C:\Windows\MAPPER.INI
2007-12-06 16:38 . 2007-12-06 16:38 <DIR> d-------- C:\Program Files\UbiSoft
2007-12-06 16:38 . 2007-12-06 16:38 13,312 --a------ C:\Windows\System32\svrapi.dll
2007-12-06 16:36 . 2007-12-07 18:46 <DIR> d-------- C:\Windows\UbiSoft
2007-12-04 21:52 . 2007-12-08 23:37 <DIR> d-------- C:\Program Files\icytower1.3
2007-12-03 20:33 . 2007-12-03 21:53 <DIR> d-------- C:\Users\XXX\AppData\Roaming\DivX
2007-12-03 20:31 . 2007-12-03 20:31 <DIR> d-------- C:\Program Files\DivX
2007-12-03 20:31 . 2007-12-03 20:31 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2007-12-02 17:18 . 2007-12-02 17:47 <DIR> d-------- C:\Program Files\Vokabeltrainer für Windows
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\Windows\System32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\Windows\System32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\Windows\System32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\Windows\System32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\Windows\System32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\Windows\System32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\Windows\System32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\Windows\System32\drivers\srtsp.inf
2007-11-27 17:15 . 2007-11-27 17:15 <DIR> d-------- C:\Users\XXX\AppData\Roaming\Logitech
2007-11-27 17:15 . 2007-11-27 17:15 <DIR> d-------- C:\Users\All Users\LogiShrd
2007-11-27 17:15 . 2007-11-27 17:15 <DIR> d-------- C:\ProgramData\LogiShrd
2007-11-27 17:12 . 2007-11-27 17:12 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-11-27 17:11 . 2007-11-27 17:11 <DIR> d-------- C:\Users\All Users\Logitech
2007-11-27 17:11 . 2007-11-27 17:11 <DIR> d-------- C:\ProgramData\Logitech
2007-11-27 17:11 . 2007-04-23 04:00 163,840 --a------ C:\Windows\System32\kemutb.dll
2007-11-27 17:11 . 2007-04-23 04:00 135,168 --a------ C:\Windows\System32\KemUtil.dll
2007-11-27 17:11 . 2007-04-23 04:00 110,592 --a------ C:\Windows\System32\KemWnd.dll
2007-11-27 17:11 . 2007-04-23 04:00 69,632 --a------ C:\Windows\System32\KemXML.dll
2007-11-27 17:00 . 2007-11-27 17:11 <DIR> d-------- C:\Program Files\Logitech
2007-11-27 17:00 . 2007-11-27 17:11 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-11-23 19:16 . 2007-12-18 16:20 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-11-23 19:16 . 2007-12-08 18:59 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2007-11-23 19:16 . 2007-12-08 18:59 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2007-11-23 19:16 . 2007-12-08 18:59 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2007-11-23 18:51 . 2007-11-23 18:51 <DIR> d-------- C:\NETGEAR
2007-11-23 18:51 . 2002-04-30 14:35 48,640 --a------ C:\Windows\System32\NgSharedPort.dll
2007-11-20 22:26 . 2007-12-18 16:12 39 --a------ C:\Windows\vbaddin.ini
2007-11-20 22:03 . 2007-11-20 22:05 <DIR> d-------- C:\Program Files\Microsoft Expression
2007-11-20 21:48 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2007-11-20 21:45 . 2007-11-20 21:45 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-20 21:37 . 2007-11-20 21:37 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-20 21:36 . 2007-12-18 16:18 <DIR> d-------- C:\Users\All Users\Microsoft Help
2007-11-20 21:36 . 2007-12-18 16:18 <DIR> d-------- C:\ProgramData\Microsoft Help
2007-11-20 20:01 . 2007-11-20 20:01 54,156 --ah----- C:\Windows\QTFont.qfn
2007-11-20 20:01 . 2007-11-20 20:01 1,409 --a------ C:\Windows\QTFont.for
2007-11-19 20:04 . 2007-11-19 20:04 <DIR> d-------- C:\Users\All Users\FLEXnet
2007-11-19 20:04 . 2007-11-19 20:04 <DIR> d-------- C:\ProgramData\FLEXnet
2007-11-19 20:01 . 2007-11-19 20:01 <DIR> d-------- C:\Program Files\Bonjour
2007-11-19 19:53 . 2007-11-19 19:53 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 21:09 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 21:09 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 21:09 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 21:09 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 21:09 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 21:09 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 21:09 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-11 19:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 16:04 --------- d-----w C:\ProgramData\Symantec
2007-12-09 22:38 --------- d-----w C:\Users\XXX\AppData\Roaming\Skype
2007-12-08 17:59 --------- d-----w C:\Program Files\Symantec
2007-12-05 20:46 --------- d-----w C:\Users\XXX\AppData\Roaming\teamspeak2
2007-12-02 16:47 --------- d-----w C:\Program Files\Vokabeltrainer für Windows
2007-12-01 16:59 --------- d-----w C:\Users\XXX \AppData\Roaming\ICQ
2007-11-30 14:50 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 18:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-20 20:45 --------- d-----w C:\Program Files\MSBuild
2007-11-19 19:01 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-18 10:42 --------- d-----w C:\Program Files\Tombrider Anniversary
2007-11-17 22:49 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-17 22:49 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-17 22:49 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-17 22:49 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-17 22:49 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-17 22:49 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-17 22:49 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-17 22:49 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-17 22:49 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-17 22:49 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-17 22:49 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-17 22:49 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-17 22:49 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-17 22:49 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-17 22:49 229,888 ----a-w C:\Windows\System32\msshsq.dll
2007-11-17 22:49 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-17 22:49 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-17 22:49 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-17 22:49 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-17 22:49 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-17 22:48 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-17 22:48 --------- d-----w C:\Program Files\Windows Mail
2007-11-17 22:43 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-17 10:47 --------- d-----w C:\Program Files\Common Files\Labtec
2007-11-17 10:46 --------- d-----w C:\Program Files\Labtec
2007-11-17 10:46 --------- d-----w C:\Program Files\Common Files\LogiShrd
2007-11-17 02:51 --------- d-----w C:\Program Files\Warcraft III
2007-11-17 02:35 126,976 ----a-w C:\Windows\War3Unin.exe
2007-11-16 22:28 --------- d-----w C:\Program Files\Rockstar Games
2007-11-16 20:26 --------- d-----w C:\Users\XXX\AppData\Roaming\InstallShield Installation Information
2007-11-16 20:23 --------- d-----w C:\Program Files\Unreal Tournament 3 Demo
2007-11-16 20:20 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-16 19:23 --------- d-----w C:\Program Files\Call of Duty
2007-11-14 22:01 --------- d-----w C:\Program Files\Java
2007-11-14 21:58 --------- d-----w C:\Program Files\Common Files\Java
2007-11-14 14:43 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-12 18:38 --------- d-----w C:\Users\XXX\AppData\Roaming\Apple Computer
2007-11-12 18:38 --------- d-----w C:\ProgramData\Apple Computer
2007-11-12 18:38 --------- d-----w C:\Program Files\iTunes
2007-11-12 18:38 --------- d-----w C:\Program Files\iPod
2007-11-12 18:37 --------- d-----w C:\Program Files\QuickTime
2007-11-12 18:36 --------- d-----w C:\Program Files\Apple Software Update
2007-11-12 18:35 --------- d-----w C:\ProgramData\Apple
2007-11-12 18:35 --------- d-----w C:\Program Files\Common Files\Apple
2007-11-12 18:09 --------- d-----w C:\Users\XXX\AppData\Roaming\Talkback
2007-11-12 18:03 --------- d-----w C:\ProgramData\Media Center Programs
2007-11-12 18:03 --------- d-----w C:\Program Files\GUILD WARS
2007-11-12 17:59 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-11-12 17:48 --------- d-----w C:\ProgramData\Skype
2007-11-12 17:48 --------- d-----w C:\Program Files\Skype
2007-11-12 17:48 --------- d-----w C:\Program Files\Google
2007-11-12 17:48 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-12 14:46 --------- d-----w C:\Program Files\MSN Messenger
2007-11-12 14:31 --------- d-----w C:\Program Files\ICQ6
2007-11-12 14:27 --------- d-----w C:\Users\XXX\AppData\Roaming\InstallShield
2007-11-12 13:33 --------- d-----w C:\ProgramData\NVIDIA
2007-11-11 17:45 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-11 17:42 --------- d-----w C:\ProgramData\Creative
2007-11-11 17:38 174 --sha-w C:\Program Files\desktop.ini
2007-11-11 17:34 --------- d-----w C:\Program Files\Windows Defender
2007-11-11 17:34 --------- d-----w C:\Program Files\Windows Calendar
2007-11-11 17:33 --------- d-----w C:\Program Files\Creative
2007-11-11 17:32 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2007-11-11 17:32 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2007-11-11 17:26 8,192 ----a-w C:\Windows\System32\riched32.dll
2007-11-11 17:26 77,824 ----a-w C:\Windows\System32\rascfg.dll
2007-11-11 17:26 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2007-11-11 17:26 694,784 ----a-w C:\Windows\System32\localspl.dll
2007-11-11 17:26 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-11-11 17:26 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2007-11-11 17:26 52,736 ----a-w C:\Windows\System32\rasdiag.dll
2007-11-11 17:26 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2007-11-11 17:26 384,000 ----a-w C:\Windows\System32\netcfgx.dll
2007-11-11 17:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-11-11 17:26 33,280 ----a-w C:\Windows\System32\traffic.dll
2007-11-11 17:26 32,768 ----a-w C:\Windows\System32\rasmxs.dll
2007-11-11 17:26 286,208 ----a-w C:\Windows\System32\ipnathlp.dll
2007-11-11 17:26 22,016 ----a-w C:\Windows\System32\rasser.dll
2007-11-11 17:26 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2007-11-11 17:26 15,360 ----a-w C:\Windows\System32\pacerprf.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-11-23 19:19 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 C:\Windows\System32\oobefldr.dll]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-09-24 14:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 15:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-11 18:23]
"NvSvc"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 10:45 C:\Windows\System32\rundll32.exe]
"P17RunE"="RunDll32 P17RunE.dll" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 17:48]
"LogitechQuickCamRibbon"="C:\Program Files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 17:58]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-08-25 06:07]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 C:\Windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-12 18:48]

C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-11-27 17:11:36]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071213.001\IDSvix86.sys [2007-11-06 17:07]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 nvlddmkm;nvlddmkm;C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-10-04 17:14]
R3 P17;SB Live! 24-bit;C:\Windows\system32\drivers\P17.sys [2007-04-10 14:10]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 21:50]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\WmBEnum.sys [2007-09-13 20:40]
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\Windows\system32\drivers\WmFilter.sys [2007-09-13 20:41]
R3 WmVirHid;Logitech Virtual Hid Device Driver;C:\Windows\system32\drivers\WmVirHid.sys [2007-09-13 20:41]
R3 WmXlCore;Logitech Translation Layer Driver;C:\Windows\system32\drivers\WmXlCore.sys [2007-09-13 20:41]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-31 08:22]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-23 21:35]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-10 01:27]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2007-12-18 16:35:00 C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-17 19:58:43 C:\Windows\Tasks\Norton AntiVirus Online - Systemprüfung ausführen - xxx.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeB/TASK:
"2007-12-18 13:15:06 C:\Windows\Tasks\User_Feed_Synchronization-{6E383FC1-1424-4AF8-8EBD-4A7C21915F85}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 19:22:10
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-12-18 19:22:51
.
2007-12-18 15:18:52 --- E O F ---

BataAlexander · 18.12.2007, 20:00

Solange

C:\Program Files\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe

für Dich normal ist, sieht das Log sauber aus.

Oliveroderwas · 18.12.2007, 20:21

Ja ist es. Noch mal vielen Dank an alle!!!

18.12.2007, 20:00	#8
BataAlexander > MalwareDB	Bitte um Auswertung Solange C:\Program Files\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe für Dich normal ist, sieht das Log sauber aus.

Bitte um Auswertung

Log-Analyse und Auswertung: Bitte um Auswertung