
Pests of all kinds and how to fight them: Java_bytever.bj ????

07.09.2008, 06:58   #16
godsilla

So I restarted my PC. But the virus is still on it; it couldn't delete the files.
These were the files it couldn't delete.. see link below ... -.-


http://img148.imageshack.us/my.php?image=fuckrs7.jpg


I'm slowly running out of ideas.
Isn't there a program to delete this thing?!

Last edited by godsilla (07.09.2008 at 07:06)

07.09.2008, 11:13   #17
Silent sharK

So, the screenshot shows that it can only delete the files on a reboot. Have you restarted the computer?

Also, your system is severely infected, probably with a dangerous DDoS-capable worm as well.
You need to understand that these tools can never bring it back into a 100% trustworthy state, and that you should immediately change all passwords and login credentials from a clean computer; by the way, don't do anything sensitive on the infected machine in the meantime.
If online banking etc. was done on it, you should inform your bank and check your statements for account activity.
And I know how you caught all this:
Quote:
w*w .redtube.com
On sites like that there is malware like sand on the beach.

If you still want to avoid reinstalling, follow the next step:

ComboFix
  • Download the tool here to your desktop -> CLICK
But don't start the program yet; first do the following:
  • Close all applications and programs, above all your antivirus software and other background guards, as well as your internet browser.
    Also explicitly avoid using the mouse and keyboard while ComboFix is running.
  • Now start combofix.exe from your desktop, confirm the warning messages and let it scan your system.
  • Afterwards a combofix.txt opens automatically; please copy its contents and paste them into your post. You can also find the log at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Note: ComboFix disables the autostart function of all CD / DVD and USB drives to contain any spread. If this causes problems, post them in the thread.

(detailed instructions -> A guide and tutorial on using ComboFix)

07.09.2008, 19:10   #18
godsilla

So I restarted the PC, but they still couldn't be deleted. On the contrary, it kept getting worse. The background kept changing. And more and more pages opened on their own. I don't know how I got the virus. I'm not the only one here who uses the PC.

I ran another program (Trojan Remover). It actually helped quite well.. No more windows open, the message that my PC is infected is gone too. And the PC loads faster again. This was the report...

Part 1...

***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
9/7/2008 11:56:59 AM: Trojan Remover has been restarted
9/7/2008 11:56:59 AM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: mohd alhusain]
Scan started at: 11:53:45 AM 07 Sep 2008
Using Database v7108
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
11:53:45 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:53:45 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:53:45 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:53:47 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Cmaudio
Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd
cmicnfg.cpl [file not found to scan]
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 9/23/2006
Modified: 7/9/2001
Company: Ahead Software Gmbh
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
577536 bytes
Created: 9/23/2006
Modified: 3/1/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
49263 bytes
Created: 2/17/2007
Modified: 10/12/2006
Company: Sun Microsystems, Inc.
--------------------
Value Name: Creative WebCam Tray
Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
245760 bytes
Created: 9/29/2006
Modified: 7/30/2004
Company: Creative Technology Ltd
--------------------
Value Name: SiS Tray
Value Data:
Blank entry: []
--------------------
Value Name: SiS KHooker
Value Data: C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\system32\khooker.exe [file not found to scan]
--------------------
Value Name: nmapp
Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
321088 bytes
Created: 11/1/2006
Modified: 11/1/2006
Company: Pure Networks, Inc.
--------------------
Value Name: pccguide.exe
Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
3429904 bytes
Created: 1/23/2007
Modified: 1/23/2007
Company: Trend Micro Inc.
--------------------
Value Name: AppleSyncNotifier
Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
116040 bytes
Created: 7/22/2008
Modified: 7/22/2008
Company: Apple Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 5/27/2008
Modified: 5/27/2008
Company: Apple Inc.

07.09.2008, 19:11   #19
godsilla

Part 2

--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
289064 bytes
Created: 7/30/2008
Modified: 7/30/2008
Company: Apple Inc.
--------------------
Value Name: UserFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -u
C:\WINDOWS\system32\dumprep 0 -u [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 9/7/2008
Modified: 8/19/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MsnMsgr
Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
C:\Program Files\MSN Messenger\MsnMsgr.Exe
5674352 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

************************************************************
11:53:50 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
11:53:50 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
11:53:51 AM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
--------------------

************************************************************
11:53:51 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {02C7D67F-6411-CD67-0202-030608030602}
Path: C:\WINDOWS\system32\Smiley.exe
C:\WINDOWS\system32\Smiley.exe
1185792 bytes
Created: 8/4/2004
Modified: 8/4/2004
Company:
----------
Key: {4b218e3e-bc98-4770-93d3-2731b9329278}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan]
----------

************************************************************
11:53:53 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
11:53:55 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
116040 bytes
Created: 7/22/2008
Modified: 7/22/2008
Company: Apple Inc.
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
229376 bytes
Created: 7/24/2007
Modified: 7/24/2007
Company: Apple Inc.
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
1373120 bytes
Created: 6/9/2006
Modified: 6/9/2006
Company: C-Media Inc
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 4/4/2005
Modified: 4/4/2005
Company: Macrovision Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 7/12/2006
Modified: 8/17/2001
Company: Microsoft Corporation
----------
Key: nmraapache
ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
12800 bytes
Created: 10/14/2006
Modified: 10/14/2006
Company: Pure Networks, Inc.
----------
Key: nmservice
ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
321088 bytes
Created: 11/1/2006
Modified: 11/1/2006
Company: Pure Networks, Inc.
----------
Key: PcCtlCom
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
1922576 bytes
Created: 1/23/2007
Modified: 1/23/2007
Company: Trend Micro Inc.
----------
Key: PcScnSrv
ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe"
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
214544 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: PD0620VID
ImagePath: system32\DRIVERS\P0620Vid.sys
C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
-R- 91577 bytes
Created: 9/29/2006
Modified: 7/28/2004
Company: Creative Technology Ltd.
----------
Key: pnarp
ImagePath: system32\DRIVERS\pnarp.sys
C:\WINDOWS\system32\DRIVERS\pnarp.sys
25792 bytes
Created: 3/3/2007
Modified: 2/8/2007
Company: Pure Networks, Inc.
----------
Key: purendis
ImagePath: system32\DRIVERS\purendis.sys
C:\WINDOWS\system32\DRIVERS\purendis.sys
26944 bytes
Created: 3/3/2007
Modified: 2/8/2007
Company: Pure Networks, Inc.
----------
Key: SiS315
ImagePath: system32\DRIVERS\sisgrp.sys
C:\WINDOWS\system32\DRIVERS\sisgrp.sys
432384 bytes
Created: 2/6/2002
Modified: 1/6/2004
Company: Silicon Integrated Systems Corporation
----------
Key: sisagp
ImagePath: system32\DRIVERS\SISAGPX.sys
C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
30720 bytes
Created: 10/26/2006
Modified: 1/13/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SiSkp
ImagePath: system32\drivers\srvkp.sys
C:\WINDOWS\system32\drivers\srvkp.sys
11264 bytes
Created: 10/26/2006
Modified: 10/2/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: tmcfw
ImagePath: system32\DRIVERS\TM_CFW.sys
C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
288848 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: tmcomm
ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
C:\WINDOWS\system32\drivers\tmcomm.sys
138384 bytes
Created: 12/29/2006
Modified: 12/24/2007
Company: Trend Micro Inc.
----------
Key: tmmbd
ImagePath: system32\DRIVERS\tm_mbd_c.sys
C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys
111888 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: Tmntsrv
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
480784 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: TmPfw
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
943696 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: tmpreflt
ImagePath: system32\DRIVERS\tmpreflt.sys
C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
36368 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------
Key: tmproxy
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
566872 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.

07.09.2008, 19:12   #20
godsilla

Part 3

----------
Key: tmtdi
ImagePath: system32\DRIVERS\tmtdi.sys
C:\WINDOWS\system32\DRIVERS\tmtdi.sys
75088 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Incorporated.
----------
Key: tmxpflt
ImagePath: system32\DRIVERS\tmxpflt.sys
C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
205328 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
32000 bytes
Created: 9/3/2008
Modified: 7/22/2008
Company: Apple, Inc.
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
----------
Key: vsapint
ImagePath: system32\DRIVERS\vsapint.sys
C:\WINDOWS\system32\DRIVERS\vsapint.sys
1195448 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------

************************************************************
11:54:03 AM: Scanning -----VXD ENTRIES-----

************************************************************
11:54:03 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
11:54:04 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4}
Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll
C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll
292368 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------

************************************************************
11:54:04 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
11:54:04 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
37808 bytes
Created: 9/23/2006
Modified: 3/2/2001
Company:
----------
Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514}
BHO: C:\WINDOWS\system32\getsn32.dll
C:\WINDOWS\system32\getsn32.dll
15360 bytes
Created: 9/6/2008
Modified: 9/7/2008
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar3.dll
c:\program files\google\googletoolbar3.dll
-R- 2403392 bytes
Created: 10/14/2007
Modified: 1/19/2007
Company: Google Inc.
----------

************************************************************
11:54:06 AM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
11:54:06 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {C5AF49A2-94F3-42BD-F234-3604812C897D}
Comment: kjlsjf9843nksngfdgffn
File: C:\WINDOWS\system32\ksfj83nwe.dll
C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan]
----------

************************************************************
11:54:06 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
11:54:07 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
11:54:07 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
11:54:07 AM: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

************************************************************
11:54:07 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
110592 bytes
Created: 12/9/2006
Modified: 8/24/2000
Company: Adobe Systems, Inc.
Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 7/12/2006
Modified: 7/12/2006
Company:
--------------------
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
282624 bytes
Created: 2/20/2007
Modified: 2/20/2007
Company: Eastman Kodak Company
Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
--------------------
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
16423 bytes
Created: 2/13/2004
Modified: 2/13/2004
Company:
KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
--------------------

************************************************************
11:54:09 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/27/2006
Modified: 7/12/2006
Company:
----------
--------------------
Checking Startup Group for: Eileen
[C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP]
The Startup Group for Eileen attempts to load the following file(s):
C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/12/2006
Modified: 7/12/2006
Company:
----------
C:\Program Files\LimeWire\LimeWire.exe
147456 bytes
Created: 2/8/2008
Modified: 2/8/2008
Company: Lime Wire, LLC
LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe
----------

************************************************************
11:54:10 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 4/11/2008
Modified: 4/11/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 9/9/2008 1:43:00 PM
Status: The task has not yet run
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
11:54:10 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
11:54:10 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 9/23/2006
Modified: 5/12/2007
Company:
----------
Web Desktop Wallpaper entry is blank
----------
Additional checks completed

************************************************************
11:54:13 AM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\SOUNDMAN.EXE
--------------------
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
--------------------
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE


07.09.2008, 19:13   #21
Silent sharK

Sorry, but if you don't follow the instructions, you can't be helped either.

I don't think much of "Trojan Remover"; to me it's about as useful as a goiter.

07.09.2008, 19:13   #22
godsilla

Part 4

--------------------
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
--------------------
C:\Program Files\QuickTime\QTTask.exe
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
--------------------
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
--------------------
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
--------------------
C:\Program Files\LimeWire\LimeWire.exe
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--------------------
C:\WINDOWS\system32\wdfmgr.exe
--------------------
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
11:54:17 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
11:54:17 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
11:54:17 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://start.shaw.ca/start/enCA
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 11:54:17 AM 07 Sep 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
9/7/2008 11:54:37 AM: restart commenced
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: mohd alhusain]
Scan started at: 11:40:17 AM 07 Sep 2008
Using Database v7108
Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: regedit.exe "%1" %*.
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
--------------------

************************************************************
11:40:46 AM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:40:46 AM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:40:46 AM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:40:48 AM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
File: C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\system32\uesiuqcr.exe
85008 bytes
Created: 9/6/2008
Modified: 9/6/2008
Company: Microsoft Corporation
C:\WINDOWS\system32\uesiuqcr.exe - running process located and terminated
C:\WINDOWS\system32\uesiuqcr.exe - file renamed to: C:\WINDOWS\system32\uesiuqcr.exe.vir
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Cmaudio
Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd
cmicnfg.cpl [file not found to scan]
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 9/23/2006
Modified: 7/9/2001
Company: Ahead Software Gmbh
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
577536 bytes
Created: 9/23/2006
Modified: 3/1/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
49263 bytes
Created: 2/17/2007
Modified: 10/12/2006
Company: Sun Microsystems, Inc.
--------------------
Value Name: Creative WebCam Tray
Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
245760 bytes
Created: 9/29/2006
Modified: 7/30/2004
Company: Creative Technology Ltd
--------------------
Value Name: SiS Tray
Value Data:
Blank entry: []
--------------------
Value Name: SiS KHooker
Value Data: C:\WINDOWS\system32\khooker.exe
C:\WINDOWS\system32\khooker.exe [file not found to scan]
--------------------
Value Name: nmapp
Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
321088 bytes
Created: 11/1/2006
Modified: 11/1/2006
Company: Pure Networks, Inc.
--------------------
Value Name: pccguide.exe
Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
3429904 bytes
Created: 1/23/2007
Modified: 1/23/2007
Company: Trend Micro Inc.
--------------------
Value Name: AppleSyncNotifier
Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
116040 bytes
Created: 7/22/2008
Modified: 7/22/2008
Company: Apple Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 5/27/2008
Modified: 5/27/2008
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
289064 bytes
Created: 7/30/2008
Modified: 7/30/2008
Company: Apple Inc.
--------------------
Value Name: UserFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -u
C:\WINDOWS\system32\dumprep 0 -u [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 9/7/2008
Modified: 8/19/2008
Company: Simply Super Software
--------------------

07.09.2008, 19:14   #23
godsilla

Java_bytever.bj ???? - Standard

Java_bytever.bj ????

Part 5

--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MsnMsgr
Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
C:\Program Files\MSN Messenger\MsnMsgr.Exe
5674352 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

************************************************************
11:41:34 AM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
11:41:34 AM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
11:41:34 AM: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
220672 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
--------------------

************************************************************
11:41:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {02C7D67F-6411-CD67-0202-030608030602}
Path: C:\WINDOWS\system32\Smiley.exe
C:\WINDOWS\system32\Smiley.exe
1185792 bytes
Created: 8/4/2004
Modified: 8/4/2004
Company:
----------
Key: {4b218e3e-bc98-4770-93d3-2731b9329278}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan]
----------

************************************************************
11:41:36 AM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
11:41:39 AM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
116040 bytes
Created: 7/22/2008
Modified: 7/22/2008
Company: Apple Inc.
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
229376 bytes
Created: 7/24/2007
Modified: 7/24/2007
Company: Apple Inc.
----------
Key: cmuda
ImagePath: system32\drivers\cmuda.sys
C:\WINDOWS\system32\drivers\cmuda.sys
1373120 bytes
Created: 6/9/2006
Modified: 6/9/2006
Company: C-Media Inc
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 4/4/2005
Modified: 4/4/2005
Company: Macrovision Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 7/12/2006
Modified: 8/17/2001
Company: Microsoft Corporation
----------
Key: nmraapache
ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice
C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
12800 bytes
Created: 10/14/2006
Modified: 10/14/2006
Company: Pure Networks, Inc.
----------
Key: nmservice
ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe"
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
321088 bytes
Created: 11/1/2006
Modified: 11/1/2006
Company: Pure Networks, Inc.
----------
Key: PcCtlCom
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
1922576 bytes
Created: 1/23/2007
Modified: 1/23/2007
Company: Trend Micro Inc.
----------
Key: PcScnSrv
ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe"
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
214544 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: PD0620VID
ImagePath: system32\DRIVERS\P0620Vid.sys
C:\WINDOWS\system32\DRIVERS\P0620Vid.sys
-R- 91577 bytes
Created: 9/29/2006
Modified: 7/28/2004
Company: Creative Technology Ltd.
----------
Key: pnarp
ImagePath: system32\DRIVERS\pnarp.sys
C:\WINDOWS\system32\DRIVERS\pnarp.sys
25792 bytes
Created: 3/3/2007
Modified: 2/8/2007
Company: Pure Networks, Inc.
----------
Key: purendis
ImagePath: system32\DRIVERS\purendis.sys
C:\WINDOWS\system32\DRIVERS\purendis.sys
26944 bytes
Created: 3/3/2007
Modified: 2/8/2007
Company: Pure Networks, Inc.
----------
Key: SiS315
ImagePath: system32\DRIVERS\sisgrp.sys
C:\WINDOWS\system32\DRIVERS\sisgrp.sys
432384 bytes
Created: 2/6/2002
Modified: 1/6/2004
Company: Silicon Integrated Systems Corporation
----------
Key: sisagp
ImagePath: system32\DRIVERS\SISAGPX.sys
C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
30720 bytes
Created: 10/26/2006
Modified: 1/13/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SiSkp
ImagePath: system32\drivers\srvkp.sys
C:\WINDOWS\system32\drivers\srvkp.sys
11264 bytes
Created: 10/26/2006
Modified: 10/2/2003
Company: Silicon Integrated Systems Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 8/4/2004
Modified: 4/13/2008
Company: Microsoft Corporation
----------
Key: tmcfw
ImagePath: system32\DRIVERS\TM_CFW.sys
C:\WINDOWS\system32\DRIVERS\TM_CFW.sys
288848 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: tmcomm
ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys
C:\WINDOWS\system32\drivers\tmcomm.sys
138384 bytes
Created: 12/29/2006
Modified: 12/24/2007
Company: Trend Micro Inc.
----------
Key: tmmbd
ImagePath: system32\DRIVERS\tm_mbd_c.sys
C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys
111888 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: Tmntsrv
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
480784 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: TmPfw
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
943696 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------

07.09.2008, 19:16   #24
godsilla

Part 6

----------
Key: tmpreflt
ImagePath: system32\DRIVERS\tmpreflt.sys
C:\WINDOWS\system32\DRIVERS\tmpreflt.sys
36368 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------
Key: tmproxy
ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
566872 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------
Key: tmtdi
ImagePath: system32\DRIVERS\tmtdi.sys
C:\WINDOWS\system32\DRIVERS\tmtdi.sys
75088 bytes
Created: 9/7/2007
Modified: 12/29/2006
Company: Trend Micro Incorporated.
----------
Key: tmxpflt
ImagePath: system32\DRIVERS\tmxpflt.sys
C:\WINDOWS\system32\DRIVERS\tmxpflt.sys
205328 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
32000 bytes
Created: 9/3/2008
Modified: 7/22/2008
Company: Apple, Inc.
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 1/19/2007
Modified: 1/19/2007
Company: Microsoft Corporation
----------
Key: vsapint
ImagePath: system32\DRIVERS\vsapint.sys
C:\WINDOWS\system32\DRIVERS\vsapint.sys
1195448 bytes
Created: 9/7/2007
Modified: 7/18/2008
Company: Trend Micro Inc.
----------

************************************************************
11:41:48 AM: Scanning -----VXD ENTRIES-----

************************************************************
11:41:48 AM: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
11:41:48 AM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4}
Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll
C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll
292368 bytes
Created: 12/29/2006
Modified: 12/29/2006
Company: Trend Micro Inc.
----------

************************************************************
11:41:48 AM: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
11:41:48 AM: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
37808 bytes
Created: 9/23/2006
Modified: 3/2/2001
Company:
----------
Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514}
BHO: C:\WINDOWS\system32\getsn32.dll
C:\WINDOWS\system32\getsn32.dll
15360 bytes
Created: 9/6/2008
Modified: 9/7/2008
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar3.dll
c:\program files\google\googletoolbar3.dll
-R- 2403392 bytes
Created: 10/14/2007
Modified: 1/19/2007
Company: Google Inc.
----------

************************************************************
11:41:49 AM: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
11:41:50 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {C5AF49A2-94F3-42BD-F234-3604812C897D}
Comment: kjlsjf9843nksngfdgffn
File: C:\WINDOWS\system32\ksfj83nwe.dll
C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan]
----------

************************************************************
11:41:50 AM: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
11:41:50 AM: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
11:41:50 AM: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
11:41:50 AM: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

************************************************************
11:41:50 AM: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
110592 bytes
Created: 12/9/2006
Modified: 8/24/2000
Company: Adobe Systems, Inc.
Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
--------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 7/12/2006
Modified: 7/12/2006
Company:
--------------------
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
282624 bytes
Created: 2/20/2007
Modified: 2/20/2007
Company: Eastman Kodak Company
Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
--------------------
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
16423 bytes
Created: 2/13/2004
Modified: 2/13/2004
Company:
KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
--------------------

************************************************************
11:41:52 AM: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9/27/2006
Modified: 7/12/2006
Company:
----------
--------------------
Checking Startup Group for: Eileen
[C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP]
The Startup Group for Eileen attempts to load the following file(s):
C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7/12/2006
Modified: 7/12/2006
Company:
----------
C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\IMVU.lnk - this links to C:\Program Files\IMVU\IMVUClient.exe - this Shortcut has been removed
----------
C:\Program Files\LimeWire\LimeWire.exe
147456 bytes
Created: 2/8/2008
Modified: 2/8/2008
Company: Lime Wire, LLC
LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe
----------

************************************************************
11:42:30 AM: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 4/11/2008
Modified: 4/11/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 9/9/2008 1:43:00 PM
Status: The task has not yet run
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
11:42:31 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
11:42:31 AM: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableTaskMgr
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Value: DisableTaskMgr
All Policy Values listed have been removed
==============================
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 9/23/2006
Modified: 5/12/2007
Company:
----------
Web Desktop Wallpaper: %SystemRoot%\default.htm
C:\WINDOWS\default.htm
1962 bytes
Created: 9/6/2008
Modified: 9/7/2008
Company:
C:\WINDOWS\default.htm appears to contain: TROJAN.FAKEALERT
C:\WINDOWS\default.htm - this registry value has been removed
C:\WINDOWS\default.htm - file renamed to: C:\WINDOWS\default.htm.vir
----------
Additional checks completed

07.09.2008, 19:16   #25
Silent sharK

Sorry, you can skip posting these parts.
__________________
Regards, Patrick

Technical compromise
=> Tatort Internet
No Windows CD? Burn your own.


07.09.2008, 19:17   #26
godsilla

And the last part...

************************************************************
11:43:19 AM: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[68 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[56 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[46 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[153 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[53 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[94 loaded modules in total]
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[23 loaded modules in total]
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
[25 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
[51 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
[34 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\WINDOWS\SOUNDMAN.EXE
[20 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
[16 loaded modules in total]
--------------------
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
[31 loaded modules in total]
--------------------
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
[80 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
[33 loaded modules in total]
--------------------
C:\Program Files\QuickTime\QTTask.exe
[14 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
[47 loaded modules in total]
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
[89 loaded modules in total]
--------------------
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[191 loaded modules in total]
--------------------
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
[72 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
[19 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
[43 loaded modules in total]
--------------------
C:\Program Files\LimeWire\LimeWire.exe
[68 loaded modules in total]
--------------------
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
[51 loaded modules in total]
--------------------
C:\WINDOWS\system32\wdfmgr.exe
[13 loaded modules in total]
--------------------
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
[72 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
[28 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[29 loaded modules in total]
--------------------
C:\Program Files\Outlook Express\msimn.exe
[77 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[104 loaded modules in total]
--------------------
C:\WINDOWS\system32\NOTEPAD.EXE
[23 loaded modules in total]
--------------------
C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe
FileSize: 2548288
[This is a Trojan Remover component]
[22 loaded modules in total]
--------------------

************************************************************
11:46:02 AM: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
11:46:02 AM: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
11:46:02 AM: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
11:46:02 AM: Scanning ------ %TEMP% DIRECTORY ------
Scan cancelled by User
Scan stopped by user after 1259 files scanned.
--------------------
************************************************************
11:52:50 AM: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
No files found to scan
************************************************************
11:52:51 AM: Scanning ------ ROOT DIRECTORY ------
Scan stopped by user after 0 files scanned.
--------------------
Internet Explorer settings were not checked.

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== CHANGES WERE MADE TO A USER'S STARTUP GROUP ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 11:52:51 AM 07 Sep 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
*** RESTART CANCELLED BY USER ***
Active Malware may already be re-infecting the system.
************************************************************

07.09.2008, 19:22   #27
godsilla

Quote:
Quote from Dark Viruz
Sorry, but if you don't follow the instructions, you can't be helped either.

I don't think much of "Trojan Remover"; to me it is as useless as a goitre.
Just by the way, I did follow the instructions. (Without success.)
That's why I then used "Trojan Remover", which you consider "as useless as a goitre". Strangely enough, it achieved more than the instructions did?!

07.09.2008, 19:29   #28
Silent sharK

Do you really think some random program, which oddly enough is never recommended, will clean your compromised system?
Have a look here => Technical compromise

If it doesn't "click" for you now, unfortunately nobody here can help you.

EOD
__________________
Regards, Patrick

