Mehr als nur Trojan.ByteVerify

#1 Abend!

Muss mir wohl im Zuge des Surfens einen Trojaner Namens Trojan.ByteVerify eingefangen haben. Naja, den habe ich dann mit Norton löschen können. Einen weiteren Eintrag habe ich dann durch die Hilfe von "hijackthis.de" fixen können. Jedoch tauchen in meiner Logfile Einträge auf, bei denen ich mir nicht sicher bin. bei "hijackthis.de" steht dort z.B.: "evtl. gut". Da ich immer sehr darauf aus bin, ein sauberes System zu haben, bitte ich Euch, mal die Logfile durchzusehen. Gebt mir auch bitte Antwort, wenn alles in Ordnung ist. Das macht mich sicherer. ;-)

Vielen Dank schon mal im Voraus.

Jojo.

Logfile of HijackThis v1.99.1
Scan saved at 22:54:03, on 06.04.05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCPROXY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMME\T-COM\SINUS 154 DATA II\PRISMSVR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAMME\T-COM\SINUS 154 DATA II\TS154USB.EXE
C:\PROGRAMME\ONLINECONTROL\OCONTROL.EXE
C:\PROGRAMME\SITECOM\BLUETOOTH SOFTWARE\BTTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAMME\ICQTOOLBAR\TOOLBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programme\T-Com\Sinus 154 data II\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [BtStart] C:\Programme\Sitecom\Bluetooth Software\bin\btstart.exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [zSPGuard] c:\programme\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programme\Gemeinsame Dateien\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\GEMEIN~1\SYMANT~1\CCPROXY.EXE
O4 - HKLM\..\RunServices: [SndSrvc] C:\PROGRA~1\GEMEIN~1\SYMANT~1\SNDSRVC.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: T-Com WLAN Manager.lnk = C:\Programme\T-Com\Sinus 154 data II\TS154USB.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe
O4 - Startup: BTTray.lnk = C:\Programme\Sitecom\Bluetooth Software\BTTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\PROGRAMME\IRFANVIEW\Ebay\Ebay.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

#2 Hallo@Jojo2803

•eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp

-->mwav.exe[oder:MWAVSCAN.COM] oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Danke @Sabina.
Bin über den Scan eingeschlafen. Naja. Hier die "infected"-Ergebnisse von mvav:

Wed Apr 06 23:42:23 2005 => System found infected with VB and VBA Program Settings Spyware/Adware! Action taken: No Action Taken.

Wed Apr 06 23:42:23 2005 => File System Found infected by "VB and VBA Program Settings Spyware/Adware" Virus. Action Taken: No Action Taken.


Wed Apr 06 23:59:14 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\266538E4.htm infected by "Exploit.HTML.CodeBaseExec" Virus. Action Taken: No Action Taken.

Wed Apr 06 23:59:14 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\26A6009D.htm infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.

Wed Apr 06 23:59:14 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\36FE01D1.class infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: No Action Taken.

Wed Apr 06 23:59:14 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\37127DBB.class infected by "Trojan.Java.ClassLoader.z" Virus. Action Taken: No Action Taken.

Wed Apr 06 23:59:15 2005 => File C:\Programme\Norton SystemWorks\Norton Antivirus\Quarantine\6D037F8D.class infected by "Trojan-Downloader.Java.OpenConnection.v" Virus. Action Taken: No Action Taken.


Thu Apr 07 00:23:22 2005 => ***** Scanning complete. *****

Thu Apr 07 00:23:22 2005 => Total Objects Scanned: 23276
Thu Apr 07 00:23:22 2005 => Total Virus(es) Found: 7
Thu Apr 07 00:23:22 2005 => Total Disinfected Files: 0
Thu Apr 07 00:23:22 2005 => Total Files Renamed: 0
Thu Apr 07 00:23:22 2005 => Total Deleted Objects: 0
Thu Apr 07 00:23:22 2005 => Total Errors: 21
Thu Apr 07 00:23:22 2005 => Time Elapsed: 00:39:35
Thu Apr 07 00:23:22 2005 => Virus Database Date: 2005/04/06
Thu Apr 07 00:23:22 2005 => Virus Database Count: 124827

So, hoffe, du kannst etwas damit anfangen und mir helfen. Hoffe, dass das nicht zu schwierig für mich wird. Ich danke dir aber nochmals für deine schnelle Hilfe bis hier hin.

Jojo2803.

#4 Hallo@Jojo2803

Guten Morgen Schon aufgewacht escan hat nichts weiter gefunden.....

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Guten Tach @Sabina!

Zu dem Zeitpunkt deines heutigen Postings habe ich bereits 5 1/2 gearbeitet. Daher auch nur wenig Schlaf! :-( Egal. Die beiden Programme besaß ich bereits. Hier aber dennoch das Log von AdAware. Vielleicht kannst du ja da etwas herauslesen. Vordergründig hat er aber "0 critical objects" "gefunden".
Ich danke dir!

Jojo.

Ad-Aware SE Build 1.05
Logfile Created ononnerstag, 7. April 2005 17:43:53
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R37 07.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):14 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


07.04.05 17:43:53 - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291795089
Threads : 9
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Kernkomponente des Win32-Kernel
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294925169
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Windows 32-Bit-VxD-Meldungsserver
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294924001
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294892413
Threads : 2
Priority : Normal
FileVersion : 4.71.1972.1
ProductVersion : 4.71.1972.1
ProductName : Taskplaner für Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Taskplaner-Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe

#:5 [SYMTRAY.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294891213
Threads : 1
Priority : Normal
FileVersion : 2004.7.81
ProductVersion : 2004.7.81
ProductName : Norton SystemWorks
CompanyName : Symantec Corporation
FileDescription : Norton SystemWorks SymTray
InternalName : SymTray.exe
LegalCopyright : Copyright (c) 1997-2003 Symantec Corporation
OriginalFilename : SymTray.exe

#:6 [CCSETMGR.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294899257
Threads : 8
Priority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:7 [CCEVTMGR.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294876357
Threads : 25
Priority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:8 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294870321
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:9 [CCPROXY.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294883545
Threads : 11
Priority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:10 [SNDSRVC.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294866341
Threads : 9
Priority : Normal
FileVersion : 5.4.4.17
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:11 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294787885
Threads : 14
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Betriebssystem Microsoft(R) Windows NT(R)
CompanyName : Microsoft Corporation
FileDescription : Windows-Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:12 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294763713
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:13 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294763989
Threads : 2
Priority : Normal
FileVersion : 4.10.2224
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1999
OriginalFilename : SYSTRAY.EXE

#:14 [CCAPP.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\
ProcessID : 4294813377
Threads : 41
Priority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:15 [PRISMSVR.EXE]
FilePath : C:\PROGRAMME\T-COM\SINUS 154 DATA II\
ProcessID : 4294733009
Threads : 13
Priority : Normal
FileVersion : 1.01.18
ProductVersion : 1.01.18.0020
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright (c) 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)

#:16 [LOADQM.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294693113
Threads : 3
Priority : Normal
FileVersion : 5.4.1103.3
ProductVersion : 5.4.1103.3
ProductName : QMgr Loader
CompanyName : Microsoft Corporation
FileDescription : Microsoft QMgr
InternalName : LOADQM.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : LOADQM.EXE

#:17 [REALSCHED.EXE]
FilePath : C:\PROGRAMME\GEMEINSAME DATEIEN\REAL\UPDATE_OB\
ProcessID : 4294656117
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:18 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294665505
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Betriebssystem Microsoft(R) Windows(R)
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:19 [TEATIMER.EXE]
FilePath : C:\PROGRAMME\SPYBOT - SEARCH & DESTROY\
ProcessID : 4294626405
Threads : 3
Priority : Idle
FileVersion : 1, 3, 0, 12
ProductVersion : 1, 3, 0, 12
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:20 [TS154USB.EXE]
FilePath : C:\PROGRAMME\T-COM\SINUS 154 DATA II\
ProcessID : 4294638589
Threads : 3
Priority : Normal
FileVersion : 1.0.0.3
ProductVersion : 1.0.0.5
ProductName : Wireless Monitor
FileDescription : WLAN Monitor MFC Application
InternalName : base
LegalCopyright : Copyright © 2004
OriginalFilename : base.EXE

#:21 [OCONTROL.EXE]
FilePath : C:\PROGRAMME\ONLINECONTROL\
ProcessID : 4294600725
Threads : 2
Priority : Normal
FileVersion : 1.01.0022
ProductVersion : 1.01.0022
ProductName : OnlineControl
CompanyName : T-Com Bereich Endgeräte
InternalName : ocontrol
LegalCopyright : J. Huber, R.Kunz
OriginalFilename : ocontrol.exe

#:22 [BTTRAY.EXE]
FilePath : C:\PROGRAMME\SITECOM\BLUETOOTH SOFTWARE\
ProcessID : 4294588353
Threads : 2
Priority : Normal
FileVersion : 1.4.2 Build 10
ProductVersion : 1.4.2 Build 10
ProductName : Bluetooth Software 1.4.2 Build 10
CompanyName : WIDCOMM, Inc.
FileDescription : Bluetooth Tray Application
InternalName : BTTray
LegalCopyright : Copyright WIDCOMM, Inc. 2000-2003.
OriginalFilename : BTTray.exe

#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294521605
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:24 [AD-AWARE.EXE]
FilePath : C:\PROGRAMME\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294291361
Threads : 2
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:25 [LUCOMSERVER_2_5.EXE]
FilePath : C:\PROGRAMME\SYMANTEC\LIVEUPDATE\
ProcessID : 4294544273
Threads : 4
Priority : Normal
FileVersion : 2.5.55.0
ProductVersion : 2.5.55.0
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : LiveUpdate Engine COM Module
InternalName : LuComServer
LegalCopyright : Copyright © 1996-2004 Symantec Corporation
OriginalFilename : LuComServer.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : .DEFAULT\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\musicmatch
Description : download location of the musicmatch installer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : .DEFAULT\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14



Deep scanning and examining files (C
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Deep scanning and examining files (D
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14

17:53:21 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:28.200
Objects scanned:49917
Objects identified:0
Objects ignored:0
New critical objects:0

#6 Hallo@Jojo2803

es scheint, dass dein Symantec schon ganze Arbeit geleistet hat

Dein System ist sauber, du brauchst dir keine Sorgen zu machen

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)
__________
MfG Sabina

rund um die PC-Sicherheit

#7 Hallo @Sabina.

Na, dann bin ich ja gez beruhigt! Ich danke dir für deine Hilfe und Bemühungen!

MfG Jojo!

#8

Zitat

Jojo2803 postete
Na, dann bin ich ja gez beruhigt!

Ich wäre da nicht so beruhigt, denn offensichtlich nutzt du die Microsoft Virtual Machine (Java) in Verbindung mit dem Internet Explorer. Sehe ich das richtig? Dann solltest du das ändern.

#9 Sun JavaVM von http://www.java.com/en/download/installed.jsp
http://java.com/en/download/windows_xpi.jsp
(deinstallieren:
MS JavaVM deinstalliert (Anleitung unter http://www.tweakxp.com/tweak1065.aspx)
__________
MfG Sabina

rund um die PC-Sicherheit

#10 Tach!
Jetzt doch noch ne Bedrohung...Mist. Habe die erweitereten Einträge erst gerade bemerkt.
Was soll ich mit den einzelnen Links gez machen? Das verwirrt mich ein wenig. Aber danke, dass Ihr mich noch auf diese Sicherheitslücke hingewiesen habt. Heißt das, dass mein PC immer noch in gewisser Weise in Gefahr ist?

Danke.

Jojo.

#11 installiere JavaSun

und dann surfe nur noch mit dem Firefox

#Alternativbrowser zum IE
Firefox
http://www.firefox-browser.de/windows.php
http://www.mozilla-europe.org/de/
Installation+Konfiguration Firefox
http://www.pcwelt.de/know-how/software/103924/index1.html
__________
MfG Sabina

rund um die PC-Sicherheit