|
Plagegeister aller Art und deren Bekämpfung: Java_bytever.bj ????Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.09.2008, 06:58 | #16 |
| Java_bytever.bj ???? So ich hatte meinen Pc neu gestartet. Aber der Virus ist immer noch drauf er konnte die dateien nicht loeschen. Das waren die Dateinen die er nicht loeschen konnte..Siehe link unten ... -.- http://img148.imageshack.us/my.php?image=fuckrs7.jpg Langsam weis ich echt nicht mehr weiter. Gibt es kein Programm um dieses Teil zu loeschen?! Geändert von godsilla (07.09.2008 um 07:06 Uhr) |
07.09.2008, 11:13 | #17 | |
Java_bytever.bj ???? So, der Screen zeigt, das er die Dateien nur bei einem Reboot löschen kann. Hast du den Rechner neugestartet?
__________________Zudem noch ist dein System schwerstens infiziert, vermutlich auch mit einem gefährlichen DDoS-fähigem Wurm. Dir muss klar sein das man es durch diese Tools nie in einen 100% vertrauenswürdigen Zustand versetzen kann und das du umgehend alle Passwörter und Zugangsdaten von einem sauberen Rechner aus ändern sollst, btw. am infiziertem Rechner derweilen nichts heikles unternehmen. Wenn Onlinebanking, etc. betrieben wurde solltest du deine Bank informieren und die Kontoauszüge auf Kontobewegungen prüfen. Und ich weiß, wie du dir das Ganze eingefangen hast: Zitat:
Wenn du noch auf Neuaufsetzen verzichten willst, folge den Schritt weiter: ComboFix
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. (ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix)
__________________ |
07.09.2008, 19:10 | #18 |
| Java_bytever.bj ???? Also ich habe den Pc neugestartet aber konnten trozdem nicht geloescht werden. Und im gegenteil es wurde immer schlimmer. Der Hintergrund hat sich steandig gewechselt. Und es haben sich immer mehr Seiten von allein geoeffnet. Wie ich den Virus bekommen habe weis ich nicht. Ich bin nicht der einzigste hir der den Pc benutzt.
__________________Ich habe mal ein anderes Programm durchlaufen lassen. (Trojan Remover) Hat an sich eigentlich gut geholfen.. Es oeffnen sich keine fenster mehr, die Meldung das mein Pc versucht ist auch weg. Und der Pc lead auch wieder schneller. Das war der Report... Teil1... ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM ***** 9/7/2008 11:56:59 AM: Trojan Remover has been restarted 9/7/2008 11:56:59 AM: Trojan Remover closed ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com [Registered to: mohd alhusain] Scan started at: 11:53:45 AM 07 Sep 2008 Using Database v7108 Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 11:53:45 AM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************************ 11:53:45 AM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************************ 11:53:45 AM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 11:53:47 AM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Cmaudio Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd cmicnfg.cpl [file not found to scan] -------------------- Value Name: NeroFilterCheck Value Data: C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\NeroCheck.exe 155648 bytes Created: 9/23/2006 Modified: 7/9/2001 Company: Ahead Software Gmbh -------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 9/23/2006 Modified: 3/1/2006 Company: Realtek Semiconductor Corp. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe 49263 bytes Created: 2/17/2007 Modified: 10/12/2006 Company: Sun Microsystems, Inc. -------------------- Value Name: Creative WebCam Tray Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE 245760 bytes Created: 9/29/2006 Modified: 7/30/2004 Company: Creative Technology Ltd -------------------- Value Name: SiS Tray Value Data: Blank entry: [] -------------------- Value Name: SiS KHooker Value Data: C:\WINDOWS\system32\khooker.exe C:\WINDOWS\system32\khooker.exe [file not found to scan] -------------------- Value Name: nmapp Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash C:\Program Files\Pure Networks\Network Magic\nmapp.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. -------------------- Value Name: pccguide.exe Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe 3429904 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. -------------------- Value Name: AppleSyncNotifier Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 413696 bytes Created: 5/27/2008 Modified: 5/27/2008 Company: Apple Inc. |
07.09.2008, 19:11 | #19 |
| Java_bytever.bj ???? Teil 2 -------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 289064 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. -------------------- Value Name: UserFaultCheck Value Data: %systemroot%\system32\dumprep 0 -u C:\WINDOWS\system32\dumprep 0 -u [file not found to scan] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 914512 bytes Created: 9/7/2008 Modified: 8/19/2008 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: MsnMsgr Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background C:\Program Files\MSN Messenger\MsnMsgr.Exe 5674352 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty ************************************************************ 11:53:50 AM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 11:53:50 AM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 11:53:51 AM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\logon.scr C:\WINDOWS\system32\logon.scr 220672 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- ************************************************************ 11:53:51 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {02C7D67F-6411-CD67-0202-030608030602} Path: C:\WINDOWS\system32\Smiley.exe C:\WINDOWS\system32\Smiley.exe 1185792 bytes Created: 8/4/2004 Modified: 8/4/2004 Company: ---------- Key: {4b218e3e-bc98-4770-93d3-2731b9329278} Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan] ---------- ************************************************************ 11:53:53 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************************ 11:53:55 AM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: Apple Mobile Device ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 7/24/2007 Modified: 7/24/2007 Company: Apple Inc. ---------- Key: cmuda ImagePath: system32\drivers\cmuda.sys C:\WINDOWS\system32\drivers\cmuda.sys 1373120 bytes Created: 6/9/2006 Modified: 6/9/2006 Company: C-Media Inc ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 Modified: 4/4/2005 Company: Macrovision Corporation ---------- Key: ms_mpu401 ImagePath: system32\drivers\msmpu401.sys C:\WINDOWS\system32\drivers\msmpu401.sys 2944 bytes Created: 7/12/2006 Modified: 8/17/2001 Company: Microsoft Corporation ---------- Key: nmraapache ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe 12800 bytes Created: 10/14/2006 Modified: 10/14/2006 Company: Pure Networks, Inc. ---------- Key: nmservice ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. ---------- Key: PcCtlCom ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe 1922576 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. ---------- Key: PcScnSrv ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe" C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe 214544 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: PD0620VID ImagePath: system32\DRIVERS\P0620Vid.sys C:\WINDOWS\system32\DRIVERS\P0620Vid.sys -R- 91577 bytes Created: 9/29/2006 Modified: 7/28/2004 Company: Creative Technology Ltd. ---------- Key: pnarp ImagePath: system32\DRIVERS\pnarp.sys C:\WINDOWS\system32\DRIVERS\pnarp.sys 25792 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: purendis ImagePath: system32\DRIVERS\purendis.sys C:\WINDOWS\system32\DRIVERS\purendis.sys 26944 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: SiS315 ImagePath: system32\DRIVERS\sisgrp.sys C:\WINDOWS\system32\DRIVERS\sisgrp.sys 432384 bytes Created: 2/6/2002 Modified: 1/6/2004 Company: Silicon Integrated Systems Corporation ---------- Key: sisagp ImagePath: system32\DRIVERS\SISAGPX.sys C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 30720 bytes Created: 10/26/2006 Modified: 1/13/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SiSkp ImagePath: system32\drivers\srvkp.sys C:\WINDOWS\system32\drivers\srvkp.sys 11264 bytes Created: 10/26/2006 Modified: 10/2/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: tmcfw ImagePath: system32\DRIVERS\TM_CFW.sys C:\WINDOWS\system32\DRIVERS\TM_CFW.sys 288848 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmcomm ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys C:\WINDOWS\system32\drivers\tmcomm.sys 138384 bytes Created: 12/29/2006 Modified: 12/24/2007 Company: Trend Micro Inc. ---------- Key: tmmbd ImagePath: system32\DRIVERS\tm_mbd_c.sys C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys 111888 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: Tmntsrv ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe 480784 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: TmPfw ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe 943696 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmpreflt ImagePath: system32\DRIVERS\tmpreflt.sys C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 36368 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: tmproxy ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe 566872 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. |
07.09.2008, 19:12 | #20 |
| Java_bytever.bj ???? Teil 3 ---------- Key: tmtdi ImagePath: system32\DRIVERS\tmtdi.sys C:\WINDOWS\system32\DRIVERS\tmtdi.sys 75088 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Incorporated. ---------- Key: tmxpflt ImagePath: system32\DRIVERS\tmxpflt.sys C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 205328 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\WINDOWS\System32\Drivers\usbaapl.sys 32000 bytes Created: 9/3/2008 Modified: 7/22/2008 Company: Apple, Inc. ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: vsapint ImagePath: system32\DRIVERS\vsapint.sys C:\WINDOWS\system32\DRIVERS\vsapint.sys 1195448 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- ************************************************************ 11:54:03 AM: Scanning -----VXD ENTRIES----- ************************************************************ 11:54:03 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************************ 11:54:04 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4} Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll 292368 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- ************************************************************ 11:54:04 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 11:54:04 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 37808 bytes Created: 9/23/2006 Modified: 3/2/2001 Company: ---------- Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514} BHO: C:\WINDOWS\system32\getsn32.dll C:\WINDOWS\system32\getsn32.dll 15360 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: Microsoft Corporation ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar3.dll c:\program files\google\googletoolbar3.dll -R- 2403392 bytes Created: 10/14/2007 Modified: 1/19/2007 Company: Google Inc. ---------- ************************************************************ 11:54:06 AM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 11:54:06 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value: {C5AF49A2-94F3-42BD-F234-3604812C897D} Comment: kjlsjf9843nksngfdgffn File: C:\WINDOWS\system32\ksfj83nwe.dll C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan] ---------- ************************************************************ 11:54:06 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 11:54:07 AM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************************ 11:54:07 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 11:54:07 AM: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ************************************************************ 11:54:07 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 110592 bytes Created: 12/9/2006 Modified: 8/24/2000 Company: Adobe Systems, Inc. Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 282624 bytes Created: 2/20/2007 Modified: 2/20/2007 Company: Eastman Kodak Company Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 16423 bytes Created: 2/13/2004 Modified: 2/13/2004 Company: KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- ************************************************************ 11:54:09 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 9/27/2006 Modified: 7/12/2006 Company: ---------- -------------------- Checking Startup Group for: Eileen [C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP] The Startup Group for Eileen attempts to load the following file(s): C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: ---------- C:\Program Files\LimeWire\LimeWire.exe 147456 bytes Created: 2/8/2008 Modified: 2/8/2008 Company: Lime Wire, LLC LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe ---------- ************************************************************ 11:54:10 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 4/11/2008 Modified: 4/11/2008 Company: Apple Inc. Parameters: -task Next Run Time: 9/9/2008 1:43:00 PM Status: The task has not yet run Creator: SYSTEM Comments: [blank] ---------- ************************************************************ 11:54:10 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 11:54:10 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/23/2006 Modified: 5/12/2007 Company: ---------- Web Desktop Wallpaper entry is blank ---------- Additional checks completed ************************************************************ 11:54:13 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\System32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\WINDOWS\Explorer.EXE -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -------------------- C:\Program Files\Bonjour\mDNSResponder.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\SOUNDMAN.EXE -------------------- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -------------------- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE |
07.09.2008, 19:13 | #21 |
Java_bytever.bj ???? Sorry, aber wenn du dich nicht an die Anweisungen haltest, kann dir auch nicht geholfen werden. Von "Trojan Remover" halte ich nicht viel, ist für mich unnötig wie ein Kropf.
__________________ --> Java_bytever.bj ???? |
07.09.2008, 19:13 | #22 |
| Java_bytever.bj ???? Teil 4 -------------------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe -------------------- C:\Program Files\QuickTime\QTTask.exe -------------------- C:\Program Files\iTunes\iTunesHelper.exe -------------------- C:\Program Files\MSN Messenger\MsnMsgr.Exe -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe -------------------- C:\Program Files\LimeWire\LimeWire.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -------------------- C:\WINDOWS\system32\wdfmgr.exe -------------------- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -------------------- C:\Program Files\iPod\bin\iPodService.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\Internet Explorer\iexplore.exe -------------------- C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe FileSize: 2548288 [This is a Trojan Remover component] -------------------- -------------------- ************************************************************ 11:54:17 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************************ 11:54:17 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************************ 11:54:17 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://start.shaw.ca/start/enCA HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.google.com ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 11:54:17 AM 07 Sep 2008 ------------------------------------------------------------------------- One or more files could not be moved or renamed as requested. They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files. 9/7/2008 11:54:37 AM: restart commenced ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com [Registered to: mohd alhusain] Scan started at: 11:40:17 AM 07 Sep 2008 Using Database v7108 Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ The regfile\shell\open\command Registry Key appears to have been modified. The current Registry entry is: regedit.exe "%1" %*. This entry calls the following file: C:\WINDOWS\regedit.exe Trojan Remover has restored the Registry regfile\shell\open key. -------------------- ************************************************************ 11:40:46 AM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************************ 11:40:46 AM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************************ 11:40:46 AM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ************************************************************ 11:40:48 AM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- File: C:\WINDOWS\system32\uesiuqcr.exe C:\WINDOWS\system32\uesiuqcr.exe 85008 bytes Created: 9/6/2008 Modified: 9/6/2008 Company: Microsoft Corporation C:\WINDOWS\system32\uesiuqcr.exe - running process located and terminated C:\WINDOWS\system32\uesiuqcr.exe - file renamed to: C:\WINDOWS\system32\uesiuqcr.exe.vir ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Cmaudio Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd cmicnfg.cpl [file not found to scan] -------------------- Value Name: NeroFilterCheck Value Data: C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\NeroCheck.exe 155648 bytes Created: 9/23/2006 Modified: 7/9/2001 Company: Ahead Software Gmbh -------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 9/23/2006 Modified: 3/1/2006 Company: Realtek Semiconductor Corp. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe 49263 bytes Created: 2/17/2007 Modified: 10/12/2006 Company: Sun Microsystems, Inc. -------------------- Value Name: Creative WebCam Tray Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE 245760 bytes Created: 9/29/2006 Modified: 7/30/2004 Company: Creative Technology Ltd -------------------- Value Name: SiS Tray Value Data: Blank entry: [] -------------------- Value Name: SiS KHooker Value Data: C:\WINDOWS\system32\khooker.exe C:\WINDOWS\system32\khooker.exe [file not found to scan] -------------------- Value Name: nmapp Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash C:\Program Files\Pure Networks\Network Magic\nmapp.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. -------------------- Value Name: pccguide.exe Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe 3429904 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. -------------------- Value Name: AppleSyncNotifier Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 413696 bytes Created: 5/27/2008 Modified: 5/27/2008 Company: Apple Inc. -------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 289064 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. -------------------- Value Name: UserFaultCheck Value Data: %systemroot%\system32\dumprep 0 -u C:\WINDOWS\system32\dumprep 0 -u [file not found to scan] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 914512 bytes Created: 9/7/2008 Modified: 8/19/2008 Company: Simply Super Software -------------------- |
07.09.2008, 19:14 | #23 |
| Java_bytever.bj ???? Teil 5 -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: MsnMsgr Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background C:\Program Files\MSN Messenger\MsnMsgr.Exe 5674352 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty ************************************************************ 11:41:34 AM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 11:41:34 AM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 11:41:34 AM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\logon.scr C:\WINDOWS\system32\logon.scr 220672 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- ************************************************************ 11:41:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {02C7D67F-6411-CD67-0202-030608030602} Path: C:\WINDOWS\system32\Smiley.exe C:\WINDOWS\system32\Smiley.exe 1185792 bytes Created: 8/4/2004 Modified: 8/4/2004 Company: ---------- Key: {4b218e3e-bc98-4770-93d3-2731b9329278} Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan] ---------- ************************************************************ 11:41:36 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************************ 11:41:39 AM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: Apple Mobile Device ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 7/24/2007 Modified: 7/24/2007 Company: Apple Inc. ---------- Key: cmuda ImagePath: system32\drivers\cmuda.sys C:\WINDOWS\system32\drivers\cmuda.sys 1373120 bytes Created: 6/9/2006 Modified: 6/9/2006 Company: C-Media Inc ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 Modified: 4/4/2005 Company: Macrovision Corporation ---------- Key: ms_mpu401 ImagePath: system32\drivers\msmpu401.sys C:\WINDOWS\system32\drivers\msmpu401.sys 2944 bytes Created: 7/12/2006 Modified: 8/17/2001 Company: Microsoft Corporation ---------- Key: nmraapache ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe 12800 bytes Created: 10/14/2006 Modified: 10/14/2006 Company: Pure Networks, Inc. ---------- Key: nmservice ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. ---------- Key: PcCtlCom ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe 1922576 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. ---------- Key: PcScnSrv ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe" C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe 214544 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: PD0620VID ImagePath: system32\DRIVERS\P0620Vid.sys C:\WINDOWS\system32\DRIVERS\P0620Vid.sys -R- 91577 bytes Created: 9/29/2006 Modified: 7/28/2004 Company: Creative Technology Ltd. ---------- Key: pnarp ImagePath: system32\DRIVERS\pnarp.sys C:\WINDOWS\system32\DRIVERS\pnarp.sys 25792 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: purendis ImagePath: system32\DRIVERS\purendis.sys C:\WINDOWS\system32\DRIVERS\purendis.sys 26944 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: SiS315 ImagePath: system32\DRIVERS\sisgrp.sys C:\WINDOWS\system32\DRIVERS\sisgrp.sys 432384 bytes Created: 2/6/2002 Modified: 1/6/2004 Company: Silicon Integrated Systems Corporation ---------- Key: sisagp ImagePath: system32\DRIVERS\SISAGPX.sys C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 30720 bytes Created: 10/26/2006 Modified: 1/13/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SiSkp ImagePath: system32\drivers\srvkp.sys C:\WINDOWS\system32\drivers\srvkp.sys 11264 bytes Created: 10/26/2006 Modified: 10/2/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: tmcfw ImagePath: system32\DRIVERS\TM_CFW.sys C:\WINDOWS\system32\DRIVERS\TM_CFW.sys 288848 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmcomm ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys C:\WINDOWS\system32\drivers\tmcomm.sys 138384 bytes Created: 12/29/2006 Modified: 12/24/2007 Company: Trend Micro Inc. ---------- Key: tmmbd ImagePath: system32\DRIVERS\tm_mbd_c.sys C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys 111888 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: Tmntsrv ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe 480784 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: TmPfw ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe 943696 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- |
07.09.2008, 19:16 | #24 |
| Java_bytever.bj ???? Teil 6 ---------- Key: tmpreflt ImagePath: system32\DRIVERS\tmpreflt.sys C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 36368 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: tmproxy ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe 566872 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmtdi ImagePath: system32\DRIVERS\tmtdi.sys C:\WINDOWS\system32\DRIVERS\tmtdi.sys 75088 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Incorporated. ---------- Key: tmxpflt ImagePath: system32\DRIVERS\tmxpflt.sys C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 205328 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\WINDOWS\System32\Drivers\usbaapl.sys 32000 bytes Created: 9/3/2008 Modified: 7/22/2008 Company: Apple, Inc. ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: vsapint ImagePath: system32\DRIVERS\vsapint.sys C:\WINDOWS\system32\DRIVERS\vsapint.sys 1195448 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- ************************************************************ 11:41:48 AM: Scanning -----VXD ENTRIES----- ************************************************************ 11:41:48 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************************ 11:41:48 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4} Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll 292368 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- ************************************************************ 11:41:48 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 11:41:48 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 37808 bytes Created: 9/23/2006 Modified: 3/2/2001 Company: ---------- Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514} BHO: C:\WINDOWS\system32\getsn32.dll C:\WINDOWS\system32\getsn32.dll 15360 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: Microsoft Corporation ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar3.dll c:\program files\google\googletoolbar3.dll -R- 2403392 bytes Created: 10/14/2007 Modified: 1/19/2007 Company: Google Inc. ---------- ************************************************************ 11:41:49 AM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 11:41:50 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value: {C5AF49A2-94F3-42BD-F234-3604812C897D} Comment: kjlsjf9843nksngfdgffn File: C:\WINDOWS\system32\ksfj83nwe.dll C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan] ---------- ************************************************************ 11:41:50 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ************************************************************ 11:41:50 AM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************************ 11:41:50 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 11:41:50 AM: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ************************************************************ 11:41:50 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 110592 bytes Created: 12/9/2006 Modified: 8/24/2000 Company: Adobe Systems, Inc. Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 282624 bytes Created: 2/20/2007 Modified: 2/20/2007 Company: Eastman Kodak Company Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 16423 bytes Created: 2/13/2004 Modified: 2/13/2004 Company: KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- ************************************************************ 11:41:52 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 9/27/2006 Modified: 7/12/2006 Company: ---------- -------------------- Checking Startup Group for: Eileen [C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP] The Startup Group for Eileen attempts to load the following file(s): C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: ---------- C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\IMVU.lnk - this links to C:\Program Files\IMVU\IMVUClient.exe - this Shortcut has been removed ---------- C:\Program Files\LimeWire\LimeWire.exe 147456 bytes Created: 2/8/2008 Modified: 2/8/2008 Company: Lime Wire, LLC LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe ---------- ************************************************************ 11:42:30 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 4/11/2008 Modified: 4/11/2008 Company: Apple Inc. Parameters: -task Next Run Time: 9/9/2008 1:43:00 PM Status: The task has not yet run Creator: SYSTEM Comments: [blank] ---------- ************************************************************ 11:42:31 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 11:42:31 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- ============================== Restrictive Windows Explorer Policies found in force on this computer: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System Value: DisableTaskMgr HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System Value: DisableTaskMgr All Policy Values listed have been removed ============================== Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/23/2006 Modified: 5/12/2007 Company: ---------- Web Desktop Wallpaper: %SystemRoot%\default.htm C:\WINDOWS\default.htm 1962 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: C:\WINDOWS\default.htm appears to contain: TROJAN.FAKEALERT C:\WINDOWS\default.htm - this registry value has been removed C:\WINDOWS\default.htm - file renamed to: C:\WINDOWS\default.htm.vir ---------- Additional checks completed |
07.09.2008, 19:16 | #25 |
Java_bytever.bj ???? Sorry, die Teile kannst du dir sparen
__________________ mfg, Patrick Technische Kompromittierung => Tatort Internet Keine Windows-CD? Selbst brennen. |
07.09.2008, 19:17 | #26 |
| Java_bytever.bj ???? Und der letzte teil... ************************************************************ 11:43:19 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe [1 loaded module] -------------------- C:\WINDOWS\system32\csrss.exe [11 loaded modules in total] -------------------- C:\WINDOWS\system32\winlogon.exe [68 loaded modules in total] -------------------- C:\WINDOWS\system32\services.exe [25 loaded modules in total] -------------------- C:\WINDOWS\system32\lsass.exe [56 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [46 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [37 loaded modules in total] -------------------- C:\WINDOWS\System32\svchost.exe [153 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [30 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [40 loaded modules in total] -------------------- C:\WINDOWS\system32\spoolsv.exe [53 loaded modules in total] -------------------- C:\WINDOWS\Explorer.EXE [94 loaded modules in total] -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [23 loaded modules in total] -------------------- C:\Program Files\Bonjour\mDNSResponder.exe [25 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [51 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe [34 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [39 loaded modules in total] -------------------- C:\WINDOWS\SOUNDMAN.EXE [20 loaded modules in total] -------------------- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [16 loaded modules in total] -------------------- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [31 loaded modules in total] -------------------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe [80 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe [33 loaded modules in total] -------------------- C:\Program Files\QuickTime\QTTask.exe [14 loaded modules in total] -------------------- C:\Program Files\iTunes\iTunesHelper.exe [47 loaded modules in total] -------------------- C:\Program Files\MSN Messenger\MsnMsgr.Exe [89 loaded modules in total] -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [191 loaded modules in total] -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [72 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [19 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [43 loaded modules in total] -------------------- C:\Program Files\LimeWire\LimeWire.exe [68 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [51 loaded modules in total] -------------------- C:\WINDOWS\system32\wdfmgr.exe [13 loaded modules in total] -------------------- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [72 loaded modules in total] -------------------- C:\Program Files\iPod\bin\iPodService.exe [28 loaded modules in total] -------------------- C:\WINDOWS\System32\alg.exe [29 loaded modules in total] -------------------- C:\Program Files\Outlook Express\msimn.exe [77 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe [104 loaded modules in total] -------------------- C:\WINDOWS\system32\NOTEPAD.EXE [23 loaded modules in total] -------------------- C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe FileSize: 2548288 [This is a Trojan Remover component] [22 loaded modules in total] -------------------- ************************************************************ 11:46:02 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************************ 11:46:02 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************************ 11:46:02 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ 11:46:02 AM: Scanning ------ %TEMP% DIRECTORY ------ Scan cancelled by User Scan stopped by user after 1259 files scanned. -------------------- ************************************************************ 11:52:50 AM: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------ No files found to scan ************************************************************ 11:52:51 AM: Scanning ------ ROOT DIRECTORY ------ Scan stopped by user after 0 files scanned. -------------------- Internet Explorer settings were not checked. ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === === CHANGES WERE MADE TO A USER'S STARTUP GROUP === === ONE OR MORE FILES WERE RENAMED OR REMOVED === Scan completed at: 11:52:51 AM 07 Sep 2008 ------------------------------------------------------------------------- One or more files could not be moved or renamed as requested. They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files. *** RESTART CANCELLED BY USER *** Active Malware may already be re-infecting the system. ************************************************************ |
07.09.2008, 19:22 | #27 | |
| Java_bytever.bj ????Zitat:
Vondaher habe ich dan "Trojan Remover" benutzt das du als"unoetig wie ein Kropf" findest. Komischer weise hat es mehr gebracht als die Anweisung?! |
07.09.2008, 19:29 | #28 |
Java_bytever.bj ???? Meinst du, durch ein dahergelaufenes Programm, das komischerweise nie empfohlen wird, reinigt dein kompromittiertes System? Schau mal hier => Technische Kompromittierung Wenn es bei dir jetzt nicht "Klick" macht, kann dir leider hier keiner helfen. EOD
__________________ mfg, Patrick Technische Kompromittierung => Tatort Internet Keine Windows-CD? Selbst brennen. |
Themen zu Java_bytever.bj ???? |
antivirus, dauert, fenster, funktioniert, gelbes, gen, helfen, java, malware, micro, probiert, programm, punkt, rechts, runterladen, sache, sachen, seite, seiten, spyware, starte, starten, trend, verseucht, versucht, virus |