Java_bytever.bj ????
Hi there, to get straight to the point: my PC is infected through and through. Web pages open by themselves, and at the bottom right a yellow window keeps popping up saying that my PC is infected with spyware and malware and that I should download a program here to remove them. So I assume that this is the virus?! I also ran the antivirus I have (Trend Micro PC-cillin). It found 17 items. JAVA_BYTEVER.BJ JAVA_BYTEVER.DL JAVA_BYTEVER.DK JAVA_BYTEVER.BK --- JAVA_BYTEVER.BJ JAVA_BYTEVER.DL JAVA_BYTEVER.DK JAVA_BYTEVER.BK --- Possible_SCRDL Possible_SCRDL Possible_SCRDL Possible_SCRDL Possible_SCRDL Possible_SCRDL TROJ_AGENT.AGER TROJ_AGENT.AGER TROJ_DLOADER.OCD That is what it found. I tried to delete them, but it did not work. Can anyone perhaps help me? I really don't know what else to do. :killpc: Regards :huepp: |
Hi, you could give the paths of the detections or, even better, post the whole report from Trend Micro. Along with that, also a HijackThis log file that conforms to the rules. |
Hi, here is the log file for Trend Micro. I don't know why it is so long. As far as I know it only found 17, oh well. HijackThis log file follows... :killpc: |
Here is the HijackThis log file.... :balla: |
OK, follow these steps exactly, in order: 1.) Have the files checked online:
Code: C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe
2.) Run LSPFix: WINSOCK in Windows is a collection of functions (a library) needed to access network components. Winsock adds the TCP/IP protocol to Windows and is responsible for connecting the PC to the Internet. It is often damaged by certain malicious software (Webhancer, NewDotNet).
Code: The malicious entries are already on the right
3.) Run SDFix:
4.) MalwareBytes Anti-Malware:
|
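Step 1 of the post above sends `C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe` for an online check; in the HijackThis log that file is registered as an O23 service. As an added example (not part of the original thread), this Python script parses O23 lines and lists the reasons an entry deserves a closer look. The heuristics, the name lists and the function names are assumptions of this example; the sample lines are copied from the log above with the user name masked.

```python
import ntpath
import re

# HijackThis prints services as:
#   O23 - Service: <display name> - <owner> - <path>[ (file missing)]
# The greedy name group tolerates " - " inside a display name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: core Windows process names that should only run from system32.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "spoolsv.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# Assumption: directory names that are user-writable scratch space.
SCRATCH_DIRS = {"temp", "tmp", "temporary internet files", "cookies", "recycler"}


def parse_o23(line):
    """Return the fields of one O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return {"name": m["name"], "owner": m["owner"], "path": m["path"],
            "missing": m["missing"] is not None}


def triage(entry):
    """List the reasons (possibly none) an O23 entry deserves a closer look."""
    reasons = []
    directory, basename = ntpath.split(entry["path"].lower())
    if entry["owner"].lower() == "unknown owner":
        reasons.append("owner reported as 'Unknown owner'")
    if entry["missing"]:
        reasons.append("service is registered but its binary is gone")
    if SCRATCH_DIRS & set(directory.split("\\")):
        reasons.append("runs from a user-writable scratch directory")
    if basename in SYSTEM_NAMES and directory != SYSTEM_DIR:
        reasons.append("system process name outside system32")
    return reasons


def scan(log_text):
    """Return every O23 entry in a HijackThis log that has at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue  # not an O23 line
        reasons = triage(entry)
        if reasons:
            hits.append({"name": entry["name"], "path": entry["path"],
                         "reasons": reasons})
    return hits


# Lines taken from the HijackThis log above (user name masked).
SAMPLE_LOG = r"""
O10 - Hijacked Internet access by WebHancer
O23 - Service: Print Spooler Service (a6vowoi3iy) - Unknown owner - C:\WINDOWS\system32\odibjh.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Network Driver Interface - Unknown owner - C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["name"], "->", hit["path"])
        for reason in hit["reasons"]:
            print("   ", reason)
```

A hit is a prompt for a second opinion (hash lookup, multi-engine scan), not a verdict: legitimate software can also show up with an unknown owner or a missing file.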
OK, I have already done step one. I also uploaded the following files:
C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe
C:\WINDOWS\system32\uesiuqcr.exe
to Virustotal; this was the result...

C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe
MD5: 6564a4020125132069eec77cd033b861
First received: 09.05.2008 01:00:43 (CET)
Date: 09.05.2008 16:54:25 (CET) [+1D]
Results: 4/36
Permalink: analisis/261f29adbb8683cc329c222ce3f4d6fd
File index39.exe received on 09.05.2008 16:53:20 (CET)
Current status: finished
Result: 4/36 (11.11%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.5.1 2008.09.05 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.05 -
Avast 4.8.1195.0 2008.09.05 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.05 -
CAT-QuickHeal 9.50 2008.09.02 -
ClamAV 0.93.1 2008.09.05 -
DrWeb 4.44.0.09170 2008.09.05 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6071 2008.09.05 -
Ewido 4.0 2008.09.04 -
F-Prot 4.4.4.56 2008.09.04 -
F-Secure 8.0.14332.0 2008.09.05 -
Fortinet 3.14.0.0 2008.09.03 -
GData 19 2008.09.05 -
Ikarus T3.1.1.34.0 2008.09.05 -
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.05 -
McAfee 5377 2008.09.04 -
Microsoft 1.3903 2008.09.05 Worm:Win32/Hamweq.gen!B
NOD32v2 3419 2008.09.05 probably a variant of Win32/AutoRun.KS
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.04 -
PCTools 4.4.2.0 2008.09.05 -
Prevx1 V2 2008.09.05 Cloaked Malware
Rising 20.60.42.00 2008.09.05 -
Sophos 4.33.0 2008.09.05 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.05 Downloader
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.05 -
ViRobot 2008.9.5.1365 2008.09.05 -
VirusBuster 4.5.11.0 2008.09.05 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Additional information
File size: 11776 bytes
MD5...: 6564a4020125132069eec77cd033b861
SHA1..: fc22c93ac56ed422b9dd21b74a58450f3dfeae6f
SHA256: 19ffa38a6d093465d4f008c082b71b0f4dda56ee7a591bceaf279d2504ae2536
SHA512: 8468455511e8ba08388627373a700ab7875baef94f24fbccfa685a6f280f643b e4718bb9c87aad9d0ac20967d81fa5dd023bb77406066e26cea58317b2d93625
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401caa
timedatestamp.....: 0x48c04ed6 (Thu Sep 04 21:10:46 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1d79 0x1e00 5.85 f6047ec0591d79467d0c900a4114d3aa
.rdata 0x3000 0x310 0x400 3.99 f3ae83658e60b70a4bdd792c4e100220
.data 0x4000 0x75c 0x800 5.02 34b7b3a7181b941f82dac0bc9bbd4596
( 2 imports )
> KERNEL32.dll: GetTickCount, GetLastError, GetModuleHandleA, GetModuleFileNameA, lstrcpyA, lstrcatA, Sleep, LoadLibraryA, GetProcAddress, ExitProcess, lstrcpynA, lstrlenA, GetCurrentProcess, CloseHandle
> ADVAPI32.dll: QueryServiceStatus, CreateServiceA, CloseServiceHandle, RegisterServiceCtrlHandlerA, SetServiceStatus, OpenSCManagerA, OpenServiceA, StartServiceCtrlDispatcherA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, StartServiceA
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=62A252F200AB774A2E0F00EB51F31500EFB8C214

C:\WINDOWS\system32\uesiuqcr.exe
MD5: 3f883039cb9f132845b2595430915137
First received: 09.06.2008 01:50:03 (CET)
Date: 09.07.2008 01:16:11 (CET) [<1D]
Results: 12/36
Permalink: analisis/d7fb4980d52d0517bcb9f1e998e6c3a9
File mainti2.exe received on 09.07.2008 01:15:02 (CET)
Current status: finished
Result: 12/36 (33.33%)
Antivirus Version Last Update Result
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 TR/Crypt.FKM.Gen
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.07 -
BitDefender 7.2 2008.09.06 Trojan.Downloader.VB.Gen.1
CAT-QuickHeal 9.50 2008.09.06 -
ClamAV 0.93.1 2008.09.06 -
DrWeb 4.44.0.09170 2008.09.06 -
eSafe 7.0.17.0 2008.09.03 Suspicious File
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.06 AdWare.Win32.BHO.cvf
Fortinet 3.112.0.0 2008.09.06 W32/BbFake.A!tr
GData 19 2008.09.07 -
Ikarus T3.1.1.34.0 2008.09.06 not-a-virus:AdWare.Win32.CashDeluxe.b
K7AntiVirus 7.10.443 2008.09.05 -
Kaspersky 7.0.0.125 2008.09.07 not-a-virus:AdWare.Win32.BHO.cvf
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.07 TrojanDownloader:Win32/Cadux.B
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 Suspicious file
PCTools 4.4.2.0 2008.09.06 -
Prevx1 V2 2008.09.07 Malicious Software
Rising 20.60.52.00 2008.09.06 -
Sophos 4.33.0 2008.09.06 Mal/Behav-210
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.07 -
TheHacker 6.3.0.8.075 2008.09.06 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 -
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 Trojan.Crypt.FKM.Gen
Additional information
File size: 85008 bytes
MD5...: 3f883039cb9f132845b2595430915137
SHA1..: 293046da211fad4de1831c7fd9482e3e4b776489
SHA256: 64d141fbe86cd6aa7c6bb64bca9ab8dc9074e0b0210e0bfe03c3cf1aae9cf03d
SHA512: 8a2fbd38e74f899aa6134c3749e4f0dcf584a89637cac119db828b28b2660e36 288ea7b9ad0f4a8da371bdc837a2b8edfaeb0180d0ba4fa38950336cf2a51c33
PEiD..: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (64.4%)
UPX compressed Win32 Executable (15.6%)
Win32 EXE Yoda's Crypter (13.5%)
Win32 Executable Generic (4.3%)
Generic Win/DOS Executable (1.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x537d40
timedatestamp.....: 0x48c13f4f (Fri Sep 05 14:16:47 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x129000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x12a000 0xe000 0xe000 7.86 6a460f049cce17036fd83811692bedcd
.rsrc 0x138000 0x1000 0xa00 3.27 d53818bdf0800f4ee3e9598ec96f8666
( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> MSVBVM60.DLL: -
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F3B63ECA108ED02C4CC4016149FB4C00490060C2
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (F-Prot): UPX

OK, the next post is coming right up... And thanks for the help so far. :bussi: |
Right, I have now run (LSPFix). Here is the report for it... Part 1...:sword2:
SDFix: Version 1.221
Run by Administrator on Sat 09/06/2008 at 07:25 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name : a6vowoi3iy
Path : C:\WINDOWS\system32\odibjh.exe /service
a6vowoi3iy - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
Checking Files :
Trojan Files Found:
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\WINDOWS\system32\odibjh.exe - Deleted
C:\Documents and Settings\Eileen\Application Data\Adobe\Manager.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe - Deleted
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\svchost.exe - Deleted
C:\WINDOWS\default.htm - Deleted
Folder C:\Documents and Settings\Eileen\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 19:49:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN
Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
C:\WINDOWS\default.htm Found
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 3 Oct 2006 4,908,984 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Wed 11 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" |
Part 2 :balla::schrei: |
Part 3 :juul: |
Part 4 :teufel2: |
Part 5 :aufsmaul: |
Part 6 :nixda: |
There is more to come... but it would run to as many as 20 pages, so I'll stop here and go straight to the end.
Wed 11 Oct 2006 4,348 ...H. --- "C:\Documents and Settings\Eileen\My Documents\My Music\License Backup\drmv1key.bak"
Wed 11 Oct 2006 20 A..H. --- "C:\Documents and Settings\Eileen\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 29 Sep 2006 312 ...H. --- "C:\Documents and Settings\Eileen\My Documents\My Music\License Backup\drmv2key.bak"
Wed 11 Oct 2006 1,536 A..H. --- "C:\Documents and Settings\Eileen\My Documents\My Music\License Backup\drmv2lic.bak"
Finished! |
So here is the new HijackThis report once again...:D

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:01 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\DOCUME~1\***\LOCALS~1\Temp\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: getsn32.msiesn - {2D9F1530-0B38-4DCB-A90A-CECD559F3514} - C:\WINDOWS\system32\getsn32.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Run] "C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Run] "C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Eileen\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://217.22.201.135/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: kjlsjf9843nksngfdgffn - {C5AF49A2-94F3-42BD-F234-3604812C897D} - C:\WINDOWS\system32\ksfj83nwe.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Driver Interface - Unknown owner - C:\DOCUME~1\Eileen\LOCALS~1\Temp\svchost.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O24 - Desktop Component 0: (no name) - http://207.46.10.252/cgi-bin/getmsg/pic9.jpg?&msg=BCC162AD-09A4-4F5F-A722-7C5F1097FB73&start=0&len=77931&mimepart=3&curmbox=00000000-0000-0000-0000-000000000001&b=45cf5edc0ea994a81e153c11ff285cd7&disk=10.1.106.220_d2219&login=tic%2dtac%2dup%2dur%2dnose&domain=hotmail%2ecom&hm___sig=9cbf261b01c7498 c256d2de97f74fe64f3722478614ec45a

-- End of file - 9275 bytes |
So, I have now also run Malwarebytes over it. Here is the report...

Malwarebytes' Anti-Malware 1.26
Database version: 1120
Windows 5.1.2600 Service Pack 3

9/6/2008 11:28:53 PM
mbam-log-2008-09-06 (23-28-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 141165
Time elapsed: 2 hour(s), 30 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 86

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{252874d8-5b00-4b93-a282-4ca656598278} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e221c81b-e518-4f93-b0d2-14e52065417a} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2d9f1530-0b38-4dcb-a90a-cecd559f3514} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d9f1530-0b38-4dcb-a90a-cecd559f3514} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IMAdvertiser (Adware.SearchTwo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\getsn32.msiesn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\network driver interface (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\network driver interface (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\network driver interface (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webhancer agent (Adware.Webhancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\run (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\webHancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\Documents and Settings\***\Cookies\zobyl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8205005F\newsys[1].exe (Rogue.Spymonitor) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HYTH0TIY\dkf[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\license.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\readme.txt (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\sporder.dll (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whagent.ini (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1015\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\default.htm (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\getsn32.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\LocalService\Application Data\Adobe\Manager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
Well, that's about it.
I also got a message, though, that some files cannot be deleted and will only be deleted at the next restart. Well, I hope everything goes well. Should I do anything else to check that everything is gone? |
So, I restarted my PC. But the virus is still on it; it could not delete the files. These were the files it could not delete. See the link below ... -.- http://img148.imageshack.us/my.php?image=fuckrs7.jpg I'm slowly running out of ideas. :schrei: Is there no program to delete this thing?! |
So, the screenshot shows that it can only delete the files on a reboot. Did you restart the computer? On top of that, your system is very heavily infected, presumably also with a dangerous DDoS-capable worm. You must be aware that these tools can never bring it back to a 100% trustworthy state, and that you should immediately change all passwords and login credentials from a clean computer; in the meantime, do nothing sensitive on the infected computer. If online banking etc. was done on it, you should inform your bank and check your account statements for transactions. And I know how you caught the whole thing: Quote:
If you still want to avoid reinstalling, continue with this step: ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! Note: ComboFix disables the autostart function of all CD/DVD and USB drives in order to contain spreading. If this causes problems, post them in the thread. (detailed instructions -> A guide and tutorial on using ComboFix) |
Well, I restarted the PC, but they still could not be deleted. On the contrary, it kept getting worse. The desktop background kept changing, and more and more pages opened by themselves. I don't know how I got the virus. I am not the only one here who uses the PC. I ran another program (Trojan Remover). It actually helped quite well. No more windows open, and the message that my PC is infected is gone too. And the PC loads faster again. This was the report... Part 1... :D
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM ***** 9/7/2008 11:56:59 AM: Trojan Remover has been restarted 9/7/2008 11:56:59 AM: Trojan Remover closed ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com [Registered to: mohd alhusain] Scan started at: 11:53:45 AM 07 Sep 2008 Using Database v7108 Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ ************************************************************ 11:53:45 AM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************************ 11:53:45 AM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************************ 11:53:45 AM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected.
************************************************************ 11:53:47 AM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Cmaudio Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd cmicnfg.cpl [file not found to scan] -------------------- Value Name: NeroFilterCheck Value Data: C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\NeroCheck.exe 155648 bytes Created: 9/23/2006 Modified: 7/9/2001 Company: Ahead Software Gmbh -------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 9/23/2006 Modified: 3/1/2006 Company: Realtek Semiconductor Corp. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe 49263 bytes Created: 2/17/2007 Modified: 10/12/2006 Company: Sun Microsystems, Inc. 
-------------------- Value Name: Creative WebCam Tray Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE 245760 bytes Created: 9/29/2006 Modified: 7/30/2004 Company: Creative Technology Ltd -------------------- Value Name: SiS Tray Value Data: Blank entry: [] -------------------- Value Name: SiS KHooker Value Data: C:\WINDOWS\system32\khooker.exe C:\WINDOWS\system32\khooker.exe [file not found to scan] -------------------- Value Name: nmapp Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash C:\Program Files\Pure Networks\Network Magic\nmapp.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. -------------------- Value Name: pccguide.exe Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe 3429904 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. -------------------- Value Name: AppleSyncNotifier Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 413696 bytes Created: 5/27/2008 Modified: 5/27/2008 Company: Apple Inc. |
Part 2 :aufsmaul:
-------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 289064 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. -------------------- Value Name: UserFaultCheck Value Data: %systemroot%\system32\dumprep 0 -u C:\WINDOWS\system32\dumprep 0 -u [file not found to scan] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 914512 bytes Created: 9/7/2008 Modified: 8/19/2008 Company: Simply Super Software -------------------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: MsnMsgr Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background C:\Program Files\MSN Messenger\MsnMsgr.Exe 5674352 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty
************************************************************ 11:53:50 AM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 11:53:50 AM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 11:53:51 AM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\logon.scr C:\WINDOWS\system32\logon.scr 220672 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- ************************************************************ 11:53:51 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {02C7D67F-6411-CD67-0202-030608030602} Path: C:\WINDOWS\system32\Smiley.exe C:\WINDOWS\system32\Smiley.exe 1185792 bytes Created: 8/4/2004 Modified: 8/4/2004 Company: ---------- Key: {4b218e3e-bc98-4770-93d3-2731b9329278} Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan] ---------- ************************************************************ 11:53:53 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************************ 11:53:55 AM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: Apple Mobile Device ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" C:\Program Files\Common Files\Apple\Mobile Device 
Support\bin\AppleMobileDeviceService.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 7/24/2007 Modified: 7/24/2007 Company: Apple Inc. ---------- Key: cmuda ImagePath: system32\drivers\cmuda.sys C:\WINDOWS\system32\drivers\cmuda.sys 1373120 bytes Created: 6/9/2006 Modified: 6/9/2006 Company: C-Media Inc ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 Modified: 4/4/2005 Company: Macrovision Corporation ---------- Key: ms_mpu401 ImagePath: system32\drivers\msmpu401.sys C:\WINDOWS\system32\drivers\msmpu401.sys 2944 bytes Created: 7/12/2006 Modified: 8/17/2001 Company: Microsoft Corporation ---------- Key: nmraapache ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe 12800 bytes Created: 10/14/2006 Modified: 10/14/2006 Company: Pure Networks, Inc. ---------- Key: nmservice ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. ---------- Key: PcCtlCom ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe 1922576 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. ---------- Key: PcScnSrv ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe" C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe 214544 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. 
---------- Key: PD0620VID ImagePath: system32\DRIVERS\P0620Vid.sys C:\WINDOWS\system32\DRIVERS\P0620Vid.sys -R- 91577 bytes Created: 9/29/2006 Modified: 7/28/2004 Company: Creative Technology Ltd. ---------- Key: pnarp ImagePath: system32\DRIVERS\pnarp.sys C:\WINDOWS\system32\DRIVERS\pnarp.sys 25792 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: purendis ImagePath: system32\DRIVERS\purendis.sys C:\WINDOWS\system32\DRIVERS\purendis.sys 26944 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: SiS315 ImagePath: system32\DRIVERS\sisgrp.sys C:\WINDOWS\system32\DRIVERS\sisgrp.sys 432384 bytes Created: 2/6/2002 Modified: 1/6/2004 Company: Silicon Integrated Systems Corporation ---------- Key: sisagp ImagePath: system32\DRIVERS\SISAGPX.sys C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 30720 bytes Created: 10/26/2006 Modified: 1/13/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SiSkp ImagePath: system32\drivers\srvkp.sys C:\WINDOWS\system32\drivers\srvkp.sys 11264 bytes Created: 10/26/2006 Modified: 10/2/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: tmcfw ImagePath: system32\DRIVERS\TM_CFW.sys C:\WINDOWS\system32\DRIVERS\TM_CFW.sys 288848 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmcomm ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys C:\WINDOWS\system32\drivers\tmcomm.sys 138384 bytes Created: 12/29/2006 Modified: 12/24/2007 Company: Trend Micro Inc. ---------- Key: tmmbd ImagePath: system32\DRIVERS\tm_mbd_c.sys C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys 111888 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. 
---------- Key: Tmntsrv ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe 480784 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: TmPfw ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe 943696 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmpreflt ImagePath: system32\DRIVERS\tmpreflt.sys C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 36368 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: tmproxy ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe 566872 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. |
Part 3 :lach:
---------- Key: tmtdi ImagePath: system32\DRIVERS\tmtdi.sys C:\WINDOWS\system32\DRIVERS\tmtdi.sys 75088 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Incorporated. ---------- Key: tmxpflt ImagePath: system32\DRIVERS\tmxpflt.sys C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 205328 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\WINDOWS\System32\Drivers\usbaapl.sys 32000 bytes Created: 9/3/2008 Modified: 7/22/2008 Company: Apple, Inc. ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: vsapint ImagePath: system32\DRIVERS\vsapint.sys C:\WINDOWS\system32\DRIVERS\vsapint.sys 1195448 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- ************************************************************ 11:54:03 AM: Scanning -----VXD ENTRIES----- ************************************************************ 11:54:03 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************************ 11:54:04 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4} Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll 292368 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc.
---------- ************************************************************ 11:54:04 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 11:54:04 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 37808 bytes Created: 9/23/2006 Modified: 3/2/2001 Company: ---------- Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514} BHO: C:\WINDOWS\system32\getsn32.dll C:\WINDOWS\system32\getsn32.dll 15360 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: Microsoft Corporation ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar3.dll c:\program files\google\googletoolbar3.dll -R- 2403392 bytes Created: 10/14/2007 Modified: 1/19/2007 Company: Google Inc. ---------- ************************************************************ 11:54:06 AM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 11:54:06 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value: {C5AF49A2-94F3-42BD-F234-3604812C897D} Comment: kjlsjf9843nksngfdgffn File: C:\WINDOWS\system32\ksfj83nwe.dll C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan] ---------- ************************************************************ 11:54:06 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 11:54:07 AM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************************ 11:54:07 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 11:54:07 AM: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ************************************************************ 11:54:07 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 110592 bytes Created: 12/9/2006 Modified: 8/24/2000 Company: Adobe Systems, Inc. Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 282624 bytes Created: 2/20/2007 Modified: 2/20/2007 Company: Eastman Kodak Company Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 16423 bytes Created: 2/13/2004 Modified: 2/13/2004 Company: KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- ************************************************************ 11:54:09 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and 
Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 9/27/2006 Modified: 7/12/2006 Company: ---------- -------------------- Checking Startup Group for: Eileen [C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP] The Startup Group for Eileen attempts to load the following file(s): C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: ---------- C:\Program Files\LimeWire\LimeWire.exe 147456 bytes Created: 2/8/2008 Modified: 2/8/2008 Company: Lime Wire, LLC LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe ---------- ************************************************************ 11:54:10 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 4/11/2008 Modified: 4/11/2008 Company: Apple Inc. 
Parameters: -task Next Run Time: 9/9/2008 1:43:00 PM Status: The task has not yet run Creator: SYSTEM Comments: [blank] ---------- ************************************************************ 11:54:10 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 11:54:10 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/23/2006 Modified: 5/12/2007 Company: ---------- Web Desktop Wallpaper entry is blank ---------- Additional checks completed ************************************************************ 11:54:13 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\System32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\spoolsv.exe -------------------- C:\WINDOWS\Explorer.EXE -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -------------------- C:\Program Files\Bonjour\mDNSResponder.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe 
-------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\SOUNDMAN.EXE -------------------- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe -------------------- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE |
Sorry, but if you don't follow the instructions, you can't be helped either. I don't think much of "Trojan Remover"; to me it is as needless as a hole in the head. :juul: |
Part 4 :teufel3:
-------------------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe -------------------- C:\Program Files\QuickTime\QTTask.exe -------------------- C:\Program Files\iTunes\iTunesHelper.exe -------------------- C:\Program Files\MSN Messenger\MsnMsgr.Exe -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe -------------------- C:\Program Files\LimeWire\LimeWire.exe -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe -------------------- C:\WINDOWS\system32\wdfmgr.exe -------------------- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -------------------- C:\Program Files\iPod\bin\iPodService.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\Internet Explorer\iexplore.exe -------------------- C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe FileSize: 2548288 [This is a Trojan Remover component] -------------------- -------------------- ************************************************************ 11:54:17 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ************************************************************ 11:54:17 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************************ 11:54:17 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet
Explorer\Main\"Start Page": http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": http://start.shaw.ca/start/enCA HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://www.google.com ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 11:54:17 AM 07 Sep 2008 ------------------------------------------------------------------------- One or more files could not be moved or renamed as requested. They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files. 9/7/2008 11:54:37 AM: restart commenced ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.7.2.2539. 
For information, email support@simplysup1.com [Registered to: mohd alhusain] Scan started at: 11:40:17 AM 07 Sep 2008 Using Database v7108 Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)] File System: NTFS Data directory: C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\ Database directory: C:\Program Files\Trojan Remover\ Logfile directory: C:\Documents and Settings\Eileen\My Documents\Simply Super Software\Trojan Remover Logfiles\ Program directory: C:\Program Files\Trojan Remover\ Running with Administrator privileges ************************************************************ The regfile\shell\open\command Registry Key appears to have been modified. The current Registry entry is: regedit.exe "%1" %*. This entry calls the following file: C:\WINDOWS\regedit.exe Trojan Remover has restored the Registry regfile\shell\open key. -------------------- ************************************************************ 11:40:46 AM: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ************************************************************ 11:40:46 AM: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ************************************************************ 11:40:46 AM: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. 
************************************************************ 11:40:48 AM: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): File: Explorer.exe C:\WINDOWS\Explorer.exe 1033728 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- This key's "Userinit" value calls the following program(s): File: C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\userinit.exe 26112 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- File: C:\WINDOWS\system32\uesiuqcr.exe C:\WINDOWS\system32\uesiuqcr.exe 85008 bytes Created: 9/6/2008 Modified: 9/6/2008 Company: Microsoft Corporation C:\WINDOWS\system32\uesiuqcr.exe - running process located and terminated C:\WINDOWS\system32\uesiuqcr.exe - file renamed to: C:\WINDOWS\system32\uesiuqcr.exe.vir ---------- This key's "System" value appears to be blank ---------- This key's "UIHost" value calls the following program: File: logonui.exe C:\WINDOWS\system32\logonui.exe 514560 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name: load -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value Name: Cmaudio Value Data: RunDll32 cmicnfg.cpl,CMICtrlWnd cmicnfg.cpl [file not found to scan] -------------------- Value Name: NeroFilterCheck Value Data: C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\NeroCheck.exe 155648 bytes Created: 9/23/2006 Modified: 7/9/2001 Company: Ahead Software Gmbh -------------------- Value Name: SoundMan Value Data: SOUNDMAN.EXE C:\WINDOWS\SOUNDMAN.EXE 577536 bytes Created: 9/23/2006 
Modified: 3/1/2006 Company: Realtek Semiconductor Corp. -------------------- Value Name: SunJavaUpdateSched Value Data: "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe 49263 bytes Created: 2/17/2007 Modified: 10/12/2006 Company: Sun Microsystems, Inc. -------------------- Value Name: Creative WebCam Tray Value Data: C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE 245760 bytes Created: 9/29/2006 Modified: 7/30/2004 Company: Creative Technology Ltd -------------------- Value Name: SiS Tray Value Data: Blank entry: [] -------------------- Value Name: SiS KHooker Value Data: C:\WINDOWS\system32\khooker.exe C:\WINDOWS\system32\khooker.exe [file not found to scan] -------------------- Value Name: nmapp Value Data: "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash C:\Program Files\Pure Networks\Network Magic\nmapp.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. -------------------- Value Name: pccguide.exe Value Data: C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe 3429904 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. -------------------- Value Name: AppleSyncNotifier Value Data: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. -------------------- Value Name: QuickTime Task Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime C:\Program Files\QuickTime\QTTask.exe 413696 bytes Created: 5/27/2008 Modified: 5/27/2008 Company: Apple Inc. -------------------- Value Name: iTunesHelper Value Data: "C:\Program Files\iTunes\iTunesHelper.exe" C:\Program Files\iTunes\iTunesHelper.exe 289064 bytes Created: 7/30/2008 Modified: 7/30/2008 Company: Apple Inc. 
-------------------- Value Name: UserFaultCheck Value Data: %systemroot%\system32\dumprep 0 -u C:\WINDOWS\system32\dumprep 0 -u [file not found to scan] -------------------- Value Name: TrojanScanner Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot C:\Program Files\Trojan Remover\Trjscan.exe 914512 bytes Created: 9/7/2008 Modified: 8/19/2008 Company: Simply Super Software -------------------- |
Part 5 ;) -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run Value Name: MsnMsgr Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background C:\Program Files\MSN Messenger\MsnMsgr.Exe 5674352 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation -------------------- -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty ************************************************************ 11:41:34 AM: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ************************************************************ 11:41:34 AM: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Hidden File-loading Registry Entries found ---------- ************************************************************ 11:41:34 AM: Scanning -----ACTIVE SCREENSAVER----- ScreenSaver: C:\WINDOWS\system32\logon.scr C:\WINDOWS\system32\logon.scr 220672 bytes Created: 
8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation -------------------- ************************************************************ 11:41:35 AM: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Key: {02C7D67F-6411-CD67-0202-030608030602} Path: C:\WINDOWS\system32\Smiley.exe C:\WINDOWS\system32\Smiley.exe 1185792 bytes Created: 8/4/2004 Modified: 8/4/2004 Company: ---------- Key: {4b218e3e-bc98-4770-93d3-2731b9329278} Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf [file not found to scan] ---------- ************************************************************ 11:41:36 AM: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Key: AppMgmt %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found) -------------------- Key: HidServ %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found) -------------------- ************************************************************ 11:41:39 AM: Scanning ----- SERVICES REGISTRY KEYS ----- Key: Apple Mobile Device ImagePath: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 116040 bytes Created: 7/22/2008 Modified: 7/22/2008 Company: Apple Inc. ---------- Key: Bonjour Service ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe" C:\Program Files\Bonjour\mDNSResponder.exe 229376 bytes Created: 7/24/2007 Modified: 7/24/2007 Company: Apple Inc. 
---------- Key: cmuda ImagePath: system32\drivers\cmuda.sys C:\WINDOWS\system32\drivers\cmuda.sys 1373120 bytes Created: 6/9/2006 Modified: 6/9/2006 Company: C-Media Inc ---------- Key: IDriverT ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 69632 bytes Created: 4/4/2005 Modified: 4/4/2005 Company: Macrovision Corporation ---------- Key: ms_mpu401 ImagePath: system32\drivers\msmpu401.sys C:\WINDOWS\system32\drivers\msmpu401.sys 2944 bytes Created: 7/12/2006 Modified: 8/17/2001 Company: Microsoft Corporation ---------- Key: nmraapache ImagePath: "C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe" -k runservice C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe 12800 bytes Created: 10/14/2006 Modified: 10/14/2006 Company: Pure Networks, Inc. ---------- Key: nmservice ImagePath: "C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe" C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe 321088 bytes Created: 11/1/2006 Modified: 11/1/2006 Company: Pure Networks, Inc. ---------- Key: PcCtlCom ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe 1922576 bytes Created: 1/23/2007 Modified: 1/23/2007 Company: Trend Micro Inc. ---------- Key: PcScnSrv ImagePath: "C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe" C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe 214544 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: PD0620VID ImagePath: system32\DRIVERS\P0620Vid.sys C:\WINDOWS\system32\DRIVERS\P0620Vid.sys -R- 91577 bytes Created: 9/29/2006 Modified: 7/28/2004 Company: Creative Technology Ltd. ---------- Key: pnarp ImagePath: system32\DRIVERS\pnarp.sys C:\WINDOWS\system32\DRIVERS\pnarp.sys 25792 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. 
---------- Key: purendis ImagePath: system32\DRIVERS\purendis.sys C:\WINDOWS\system32\DRIVERS\purendis.sys 26944 bytes Created: 3/3/2007 Modified: 2/8/2007 Company: Pure Networks, Inc. ---------- Key: SiS315 ImagePath: system32\DRIVERS\sisgrp.sys C:\WINDOWS\system32\DRIVERS\sisgrp.sys 432384 bytes Created: 2/6/2002 Modified: 1/6/2004 Company: Silicon Integrated Systems Corporation ---------- Key: sisagp ImagePath: system32\DRIVERS\SISAGPX.sys C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 30720 bytes Created: 10/26/2006 Modified: 1/13/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SiSkp ImagePath: system32\drivers\srvkp.sys C:\WINDOWS\system32\drivers\srvkp.sys 11264 bytes Created: 10/26/2006 Modified: 10/2/2003 Company: Silicon Integrated Systems Corporation ---------- Key: SwPrv ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{FF3D0FB8-7566-42EE-91DC-CECE1B972A55} C:\WINDOWS\system32\dllhost.exe 5120 bytes Created: 8/4/2004 Modified: 4/13/2008 Company: Microsoft Corporation ---------- Key: tmcfw ImagePath: system32\DRIVERS\TM_CFW.sys C:\WINDOWS\system32\DRIVERS\TM_CFW.sys 288848 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmcomm ImagePath: \??\C:\WINDOWS\system32\drivers\tmcomm.sys C:\WINDOWS\system32\drivers\tmcomm.sys 138384 bytes Created: 12/29/2006 Modified: 12/24/2007 Company: Trend Micro Inc. ---------- Key: tmmbd ImagePath: system32\DRIVERS\tm_mbd_c.sys C:\WINDOWS\system32\DRIVERS\tm_mbd_c.sys 111888 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: Tmntsrv ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe 480784 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: TmPfw ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe 943696 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- |
Part 6 :killpc: ---------- Key: tmpreflt ImagePath: system32\DRIVERS\tmpreflt.sys C:\WINDOWS\system32\DRIVERS\tmpreflt.sys 36368 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: tmproxy ImagePath: C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe 566872 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. ---------- Key: tmtdi ImagePath: system32\DRIVERS\tmtdi.sys C:\WINDOWS\system32\DRIVERS\tmtdi.sys 75088 bytes Created: 9/7/2007 Modified: 12/29/2006 Company: Trend Micro Incorporated. ---------- Key: tmxpflt ImagePath: system32\DRIVERS\tmxpflt.sys C:\WINDOWS\system32\DRIVERS\tmxpflt.sys 205328 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- Key: USBAAPL ImagePath: System32\Drivers\usbaapl.sys C:\WINDOWS\System32\Drivers\usbaapl.sys 32000 bytes Created: 9/3/2008 Modified: 7/22/2008 Company: Apple, Inc. ---------- Key: usnjsvc ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe" C:\Program Files\MSN Messenger\usnsvc.exe 97136 bytes Created: 1/19/2007 Modified: 1/19/2007 Company: Microsoft Corporation ---------- Key: vsapint ImagePath: system32\DRIVERS\vsapint.sys C:\WINDOWS\system32\DRIVERS\vsapint.sys 1195448 bytes Created: 9/7/2007 Modified: 7/18/2008 Company: Trend Micro Inc. ---------- ************************************************************ 11:41:48 AM: Scanning -----VXD ENTRIES----- ************************************************************ 11:41:48 AM: Scanning ----- WINLOGON\NOTIFY DLLS ----- ************************************************************ 11:41:48 AM: Scanning ----- CONTEXTMENUHANDLERS ----- Key: {48F45200-91E6-11CE-8A4F-0080C81A28D4} Path: C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll 292368 bytes Created: 12/29/2006 Modified: 12/29/2006 Company: Trend Micro Inc. 
---------- ************************************************************ 11:41:48 AM: Scanning ----- FOLDER\COLUMNHANDLERS ----- ************************************************************ 11:41:48 AM: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} BHO: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 37808 bytes Created: 9/23/2006 Modified: 3/2/2001 Company: ---------- Key: {2D9F1530-0B38-4DCB-A90A-CECD559F3514} BHO: C:\WINDOWS\system32\getsn32.dll C:\WINDOWS\system32\getsn32.dll 15360 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: Microsoft Corporation ---------- Key: {AA58ED58-01DD-4d91-8333-CF10577473F7} BHO: c:\program files\google\googletoolbar3.dll c:\program files\google\googletoolbar3.dll -R- 2403392 bytes Created: 10/14/2007 Modified: 1/19/2007 Company: Google Inc. ---------- ************************************************************ 11:41:49 AM: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 11:41:50 AM: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value: {C5AF49A2-94F3-42BD-F234-3604812C897D} Comment: kjlsjf9843nksngfdgffn File: C:\WINDOWS\system32\ksfj83nwe.dll C:\WINDOWS\system32\ksfj83nwe.dll [file not found to scan] ---------- ************************************************************ 11:41:50 AM: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 11:41:50 AM: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank ************************************************************ 11:41:50 AM: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 11:41:50 AM: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ************************************************************ 11:41:50 AM: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 110592 bytes Created: 12/9/2006 Modified: 8/24/2000 Company: Adobe Systems, Inc. Adobe Gamma Loader.exe.lnk - links to C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe -------------------- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe 282624 bytes Created: 2/20/2007 Modified: 2/20/2007 Company: Eastman Kodak Company Kodak EasyShare software.lnk - links to C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 16423 bytes Created: 2/13/2004 Modified: 2/13/2004 Company: KODAK Software Updater.lnk - links to C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -------------------- ************************************************************ 11:41:52 AM: Scanning ------ USER STARTUP GROUPS ------ -------------------- Checking Startup Group for: Administrator [C:\Documents and 
Settings\Administrator\START MENU\PROGRAMS\STARTUP] The Startup Group for Administrator attempts to load the following file(s): C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 9/27/2006 Modified: 7/12/2006 Company: ---------- -------------------- Checking Startup Group for: Eileen [C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP] The Startup Group for Eileen attempts to load the following file(s): C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\desktop.ini -HS- 84 bytes Created: 7/12/2006 Modified: 7/12/2006 Company: ---------- C:\Documents and Settings\Eileen\START MENU\PROGRAMS\STARTUP\IMVU.lnk - this links to C:\Program Files\IMVU\IMVUClient.exe - this Shortcut has been removed ---------- C:\Program Files\LimeWire\LimeWire.exe 147456 bytes Created: 2/8/2008 Modified: 2/8/2008 Company: Lime Wire, LLC LimeWire On Startup.lnk - links to C:\Program Files\LimeWire\LimeWire.exe ---------- ************************************************************ 11:42:30 AM: Scanning ----- SCHEDULED TASKS ----- Taskname: AppleSoftwareUpdate.job File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe 566592 bytes Created: 4/11/2008 Modified: 4/11/2008 Company: Apple Inc. 
Parameters: -task Next Run Time: 9/9/2008 1:43:00 PM Status: The task has not yet run Creator: SYSTEM Comments: [blank] ---------- ************************************************************ 11:42:31 AM: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- ************************************************************ 11:42:31 AM: ----- ADDITIONAL CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- ============================== Restrictive Windows Explorer Policies found in force on this computer: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System Value: DisableTaskMgr HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System Value: DisableTaskMgr All Policy Values listed have been removed ============================== Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp C:\Documents and Settings\Eileen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp 1440054 bytes Created: 9/23/2006 Modified: 5/12/2007 Company: ---------- Web Desktop Wallpaper: %SystemRoot%\default.htm C:\WINDOWS\default.htm 1962 bytes Created: 9/6/2008 Modified: 9/7/2008 Company: C:\WINDOWS\default.htm appears to contain: TROJAN.FAKEALERT C:\WINDOWS\default.htm - this registry value has been removed C:\WINDOWS\default.htm - file renamed to: C:\WINDOWS\default.htm.vir ---------- Additional checks completed |
Sorry, you can save yourself the trouble of posting those parts :teufel2: |
And the last part... :alc: ************************************************************ 11:43:19 AM: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe [1 loaded module] -------------------- C:\WINDOWS\system32\csrss.exe [11 loaded modules in total] -------------------- C:\WINDOWS\system32\winlogon.exe [68 loaded modules in total] -------------------- C:\WINDOWS\system32\services.exe [25 loaded modules in total] -------------------- C:\WINDOWS\system32\lsass.exe [56 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [46 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [37 loaded modules in total] -------------------- C:\WINDOWS\System32\svchost.exe [153 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [30 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [40 loaded modules in total] -------------------- C:\WINDOWS\system32\spoolsv.exe [53 loaded modules in total] -------------------- C:\WINDOWS\Explorer.EXE [94 loaded modules in total] -------------------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [23 loaded modules in total] -------------------- C:\Program Files\Bonjour\mDNSResponder.exe [25 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe [51 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe [34 loaded modules in total] -------------------- C:\WINDOWS\system32\svchost.exe [39 loaded modules in total] -------------------- C:\WINDOWS\SOUNDMAN.EXE [20 loaded modules in total] -------------------- C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe [16 loaded modules in total] -------------------- C:\Program Files\Creative\Shared Files\CAMTRAY.EXE [31 loaded modules in total] -------------------- C:\Program Files\Pure Networks\Network Magic\nmapp.exe [80 loaded modules in total] -------------------- 
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe [33 loaded modules in total] -------------------- C:\Program Files\QuickTime\QTTask.exe [14 loaded modules in total] -------------------- C:\Program Files\iTunes\iTunesHelper.exe [47 loaded modules in total] -------------------- C:\Program Files\MSN Messenger\MsnMsgr.Exe [89 loaded modules in total] -------------------- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [191 loaded modules in total] -------------------- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [72 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe [19 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe [43 loaded modules in total] -------------------- C:\Program Files\LimeWire\LimeWire.exe [68 loaded modules in total] -------------------- C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe [51 loaded modules in total] -------------------- C:\WINDOWS\system32\wdfmgr.exe [13 loaded modules in total] -------------------- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [72 loaded modules in total] -------------------- C:\Program Files\iPod\bin\iPodService.exe [28 loaded modules in total] -------------------- C:\WINDOWS\System32\alg.exe [29 loaded modules in total] -------------------- C:\Program Files\Outlook Express\msimn.exe [77 loaded modules in total] -------------------- C:\Program Files\Internet Explorer\iexplore.exe [104 loaded modules in total] -------------------- C:\WINDOWS\system32\NOTEPAD.EXE [23 loaded modules in total] -------------------- C:\Documents and Settings\Eileen\Application Data\Simply Super Software\Trojan Remover\pey44.exe FileSize: 2548288 [This is a Trojan Remover component] [22 loaded modules in total] -------------------- ************************************************************ 11:46:02 AM: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT 
file ************************************************************ 11:46:02 AM: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ************************************************************ 11:46:02 AM: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ 11:46:02 AM: Scanning ------ %TEMP% DIRECTORY ------ Scan cancelled by User Scan stopped by user after 1259 files scanned. -------------------- ************************************************************ 11:52:50 AM: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------ No files found to scan ************************************************************ 11:52:51 AM: Scanning ------ ROOT DIRECTORY ------ Scan stopped by user after 0 files scanned. -------------------- Internet Explorer settings were not checked. ************************************************************ === CHANGES WERE MADE TO THE WINDOWS REGISTRY === === CHANGES WERE MADE TO A USER'S STARTUP GROUP === === ONE OR MORE FILES WERE RENAMED OR REMOVED === Scan completed at: 11:52:51 AM 07 Sep 2008 ------------------------------------------------------------------------- One or more files could not be moved or renamed as requested. They may be in use by Windows, so Trojan Remover needs to restart the system in order to deal with these files. *** RESTART CANCELLED BY USER *** Active Malware may already be re-infecting the system. ************************************************************ |
Quote:
That's why I then used "Trojan Remover", which you consider "as unnecessary as a goiter". Oddly enough, it achieved more than the instructions did?! |
Do you think some random program that, oddly enough, is never recommended will clean your compromised system? Have a look here => Technical Compromise. If it doesn't "click" for you now, then unfortunately nobody here can help you. EOD |
Copyright ©2000-2025, Trojaner-Board