
Pests of all kinds and how to fight them: Trojan Horse Backdoor Generic5.ICJ

14.03.2007, 10:45   #1
Rotkehlchen
 

Trojan Horse Backdoor Generic5.ICJ



Yay. I've got the trojan named in the title.

I also already know where it comes from: a keygen.exe.
One copy is on the system partition, because I installed the program with the keygen, though actually not on THAT partition, I just realized.
And one is on another partition, where I had saved the installation software.
Aaand recently there's also one on the external hard drive, to which I have now moved the software.
Since the thing is hidden there in the keygen.exe, I have a question:
If I delete the keygen.exe, is at least the external hard drive clean? (Probably too easy, but it doesn't hurt to ask.)

My AVG scanner found the 3 copies and "caught" them in the Virus Vault.
What's the best thing to do now to get rid of them?

I can also offer a HijackThis log
as well as a Silent Runners one.

I'd post those next.

14.03.2007, 10:48   #2
Rotkehlchen
 

Trojan Horse Backdoor Generic5.ICJ



Logfile of HijackThis v1.99.1
Scan saved at 10:29:19, on 14.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
P:\SICHER~1\AVG\avgcc.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
P:\Hilfstools\Virtual CloneDrive\VirtualCloneDrive\VCDDaemon.exe
P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
P:\Hilfstools\Winzip\WZQKPICK.EXE
P:\SICHER~1\AVG\avgamsvr.exe
P:\SICHER~1\AVG\avgupsvc.exe
P:\SICHER~1\AVG\avgemc.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programme\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Programme\ProtectTools\Embedded Security Software\SpTna.exe
C:\Programme\HPQ\HP ProtectTools Security Manager\PTServs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
P:\Internet\Opera\Opera.exe
P:\SICHER~1\AVG\avgvv.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Skype\Plugin Manager\SkypePM.exe
C:\Dokumente und Einstellungen\Chef\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://w*w.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AVG7_CC] P:\SICHER~1\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "P:\Multimedia\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VirtualCloneDrive] "P:\Hilfstools\Virtual CloneDrive\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "P:\Grafik\Adobe Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [LDM] P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WinZip Quick Pick.lnk = P:\Hilfstools\Winzip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\BRO~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://P:\Multimedia\Mediacenter\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\BRO~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - P:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - P:\Hilfstools\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - P:\Hilfstools\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - P:\Grafik\Adobe Creative Suite CS2\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\SICHER~1\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\SICHER~1\AVG\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\SICHER~1\AVG\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Ftdudbatite - Synaptics, Inc. - C:\WINDOWS\system32\drivers\SynTP.sys
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE


14.03.2007, 10:54   #3
Rotkehlchen
 

Trojan Horse Backdoor Generic5.ICJ



"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LDM" = "P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech Inc."]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"ICQ Lite" = "P:\Internet\ICQLite\ICQLite.exe -trayboot" ["ICQ Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"MsmqIntCert" = "regsvr32 /s mqrt.dll" [MS]
"SoundMAXPnP" = "C:\Programme\Analog Devices\Core\smax4pnp.exe" ["Analog Devices, Inc."]
"SoundMAX" = "C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray" ["Analog Devices, Inc."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ATICCC" = ""C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay" [null data]
"PTHOSTTR" = "C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."]
"HP Software Update" = "C:\Programme\Hp\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"QlbCtrl" = "C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start"
"Cpqset" = "C:\Programme\HPQ\Default Settings\cpqset.exe" [null data]
"Recguard" = "C:\WINDOWS\Sminst\Recguard.exe" [empty string]
"Reminder" = "C:\WINDOWS\Creator\Remind_XP.exe" [empty string]
"Scheduler" = "C:\WINDOWS\SMINST\Scheduler.exe" [empty string]
"WatchDog" = "C:\Programme\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"mmtask" = "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [file not found]
"AVG7_CC" = "P:\SICHER~1\AVG\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"QuickTime Task" = ""P:\Multimedia\Quicktime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Google Desktop Search" = ""C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup" ["Google"]
"VirtualCloneDrive" = ""P:\Hilfstools\Virtual CloneDrive\VirtualCloneDrive\VCDDaemon.exe" /s" ["Elaborate Bytes AG"]
"Adobe Version Cue CS2" = ""P:\Grafik\Adobe Creative Suite CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"" ["Adobe Sytems Incorporated"]
"Acrobat Assistant 7.0" = ""P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"(Default)" = "(empty string)" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension"
-> {HKLM...CLSID} = "SimpleShlExt Class"
\InProcServer32\(Default) = "C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll" [empty string]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{E08BF9C5-191E-4B15-8F67-2622B4DB5580}" = "PSD Shell Extension"
-> {HKLM...CLSID} = "PSDShCtrl Class"
\InProcServer32\(Default) = "C:\Programme\ProtectTools\Embedded Security Software\PSDShExt.dll" ["Infineon Technologies AG"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellvRTF.dll" ["XSS"]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Bluetooth-Umgebung"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "P:\Internet\ICQLite\ICQLiteShell.dll" [empty string]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "P:\Sicherheit\AVG\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "P:\Sicherheit\AVG\avgse.dll" ["GRISOFT, s.r.o."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}" = "RhinoShExt"
-> {HKLM...CLSID} = "RhinoShExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
"{51CD2A0E-D225-493C-A989-72D038BD97B6}" = "Media Center"
-> {HKLM...CLSID} = "Media Center"
\InProcServer32\(Default) = "P:\Multimedia\Mediacenter\MJShellExt.dll" ["J. River, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "P:\Büro\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B7056B8E-4F99-44f8-8CBD-282390FE5428}" = "VirtualCloneDrive"
-> {HKLM...CLSID} = "VirtualCloneDrive Shell Extension"
\InProcServer32\(Default) = "P:\Hilfstools\Virtual CloneDrive\VirtualCloneDrive\ElbyVCDShell.dll" ["Elaborate Bytes AG"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{FED7043D-346A-414D-ACD7-550D052499A7}" = "dBpowerAMP Music Converter 1"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "P:\Multimedia\dBpowerAMP\dBpowerAMP\dBShell.dll" [empty string]
"{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5}" = "dBpowerAMP Music Converter"
-> {HKLM...CLSID} = "dMCIShell Class"
\InProcServer32\(Default) = "P:\Multimedia\dBpowerAMP\dBpowerAMP\dMCShell.dll" [empty string]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" ["Google"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> IfxWlxEN\DLLName = "IfxWlxEN.dll" ["Infineon Technologies AG"]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
{FED7043D-346A-414D-ACD7-550D052499A7}\(Default) = "dBpowerAMP Column Handler"
-> {HKLM...CLSID} = "dBpShell Class"
\InProcServer32\(Default) = "P:\Multimedia\dBpowerAMP\dBpowerAMP\dBShell.dll" [empty string]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {HKLM...CLSID} = "Acrobat Elements Context Menu"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
APSDShExt\(Default) = "{E08BF9C5-191E-4B15-8F67-2622B4DB5580}"
-> {HKLM...CLSID} = "PSDShCtrl Class"
\InProcServer32\(Default) = "C:\Programme\ProtectTools\Embedded Security Software\PSDShExt.dll" ["Infineon Technologies AG"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "P:\Sicherheit\AVG\avgse.dll" ["GRISOFT, s.r.o."]
EncodeDivXExt\(Default) = "{E9F5B111-CACC-4FD4-81FD-4EB4FD6765A3}"
-> {HKLM...CLSID} = "EncodeDivXContextMenu Class"
\InProcServer32\(Default) = "p:\multimedia\DivX\Dr.DivX\EncodeDivXExt.dll" [empty string]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "P:\Internet\ICQLite\ICQLiteShell.dll" [empty string]
Media Center\(Default) = "{51CD2A0E-D225-493C-A989-72D038BD97B6}"
-> {HKLM...CLSID} = "Media Center"
\InProcServer32\(Default) = "P:\Multimedia\Mediacenter\MJShellExt.dll" ["J. River, Inc."]
RhinoShExt\(Default) = "{C81DCBCA-8AE2-41FC-9C39-78B160393210}"
-> {HKLM...CLSID} = "RhinoShExt"
\InProcServer32\(Default) = "C:\WINDOWS\system32\RhinoShExt.dll" ["Robert McNeel & Associates"]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "P:\Internet\ICQLite\ICQLiteShell.dll" [empty string]
Media Center\(Default) = "{51CD2A0E-D225-493C-A989-72D038BD97B6}"
-> {HKLM...CLSID} = "Media Center"
\InProcServer32\(Default) = "P:\Multimedia\Mediacenter\MJShellExt.dll" ["J. River, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
APSDShExt\(Default) = "{E08BF9C5-191E-4B15-8F67-2622B4DB5580}"
-> {HKLM...CLSID} = "PSDShCtrl Class"
\InProcServer32\(Default) = "C:\Programme\ProtectTools\Embedded Security Software\PSDShExt.dll" ["Infineon Technologies AG"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "P:\Sicherheit\AVG\avgse.dll" ["GRISOFT, s.r.o."]
Media Center\(Default) = "{51CD2A0E-D225-493C-A989-72D038BD97B6}"
-> {HKLM...CLSID} = "Media Center"
\InProcServer32\(Default) = "P:\Multimedia\Mediacenter\MJShellExt.dll" ["J. River, Inc."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "P:\HILFST~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"ClearRecentDocsOnExit" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Chef" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Acrobat Speed Launcher" -> shortcut to: "C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe" [null data]
"Adobe Gamma" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"BTTray" -> shortcut to: "C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."]
"Logitech Desktop Messenger" -> shortcut to: "P:\Treiber und mehr\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -startup" ["Logitech Inc."]
"WinZip Quick Pick" -> shortcut to: "P:\Hilfstools\Winzip\WZQKPICK.EXE" ["WinZip Computing LP"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF"
\InProcServer32\(Default) = "P:\Grafik\Adobe Creative Suite CS2\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "P:\BRO~1\MICROS~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{0E921E80-267A-42AA-AEE4-60B9A1222A44}\
"ButtonText" = "Klicke hier um das Projekt xp-AntiSpy zu unterstützen"
"MenuText" = "Unterstützung für xp-AntiSpy"
"Exec" = "P:\Hilfstools\xp-AntiSpy\sponsoring\sponsor.html" [null data]

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "P:\Internet\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG E-mail Scanner, AVGEMS, "P:\SICHER~1\AVG\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "P:\SICHER~1\AVG\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "P:\SICHER~1\AVG\avgupsvc.exe" ["GRISOFT, s.r.o."]
Bluetooth Service, btwdins, "C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."]
hpqwmiex, hpqwmiex, "C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."]
LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"]
Message Queuing, MSMQ, "C:\WINDOWS\system32\mqsvc.exe" [MS]
Message Queuing Triggers, MSMQTriggers, "C:\WINDOWS\system32\mqtgsvc.exe" [MS]
Personal Secure Drive Service, PersonalSecureDriveService, ""C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE"" ["Infineon Technologies AG"]
Security Platform Management Service, IFXSpMgtSrv, "C:\WINDOWS\system32\IFXSPMGT.exe" ["Infineon Technologies AG"]
Trusted Platform Core Service, IFXTCS, "C:\WINDOWS\system32\IFXTCS.exe" ["Infineon Technologies AG"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMI-Leistungsadapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Bluetooth-Druckeranschluss\Driver = "bthcrp.dll" ["Broadcom Corporation."]
HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"]
HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 18 seconds for message boxes)

15.03.2007, 09:53   #4
Franz1968 (Helper Team)

Hello,
Quote:
Yay. I have the trojan named above.
Congratulations from me as well.
Quote:
I also already know where it came from: a keygen.exe
"That's what you get for that" is something I expressly will not say.
Quote:
if I delete the keygen.exe, is at least the external hard drive clean? (probably too easy, but one can always ask)
Since you had installed the keygen.exe, the answer is: yes, that is too easy. Nobody knows exactly which trojan this is or everywhere it has installed itself.
I would simply scan the keygen.exe at VirusTotal and post the results, to learn more about your backdoor trojan. But the prognosis that you have won a reinstall is probably not too bold.

15.03.2007, 20:01   #5
Rotkehlchen

You're right. :/

So here is the VirusTotal analysis:


Engine          Version           Updated      Result
AhnLab-V3       2007.3.15.0       03.15.2007   no virus found
AntiVir         7.3.1.43          03.15.2007   no virus found
Authentium      4.93.8            03.15.2007   no virus found
Avast           4.7.936.0         03.15.2007   no virus found
AVG             7.5.0.447         03.15.2007   BackDoor.Generic5.ICJ
BitDefender     7.2               03.15.2007   no virus found
CAT-QuickHeal   9.00              03.15.2007   (Suspicious) - DNAScan
ClamAV          0.90.1            03.15.2007   no virus found
DrWeb           4.33              03.15.2007   no virus found
eSafe           7.0.14.0          03.15.2007   suspicious Trojan/Worm
eTrust-Vet      30.6.3480         03.15.2007   no virus found
Ewido           4.0               03.15.2007   no virus found
FileAdvisor     1                 03.15.2007   no virus found
Fortinet        2.85.0.0          03.15.2007   no virus found
F-Prot          4.3.1.45          03.15.2007   no virus found
F-Secure        6.70.13030.0      03.15.2007   no virus found
Ikarus          T3.1.1.3          03.15.2007   no virus found
Kaspersky       4.0.2.24          03.15.2007   no virus found
McAfee          4985              03.15.2007   no virus found
Microsoft       1.2306            03.15.2007   no virus found
NOD32v2         2117              03.15.2007   no virus found
Norman          5.80.02           03.15.2007   no virus found
Panda           9.0.0.4           03.15.2007   Suspicious file
Prevx1          V2                03.15.2007   no virus found
Sophos          4.15.0            03.13.2007   no virus found
Sunbelt         2.2.907.0         03.15.2007   VIPRE.Suspicious
Symantec        10                03.15.2007   no virus found
TheHacker       6.1.6.076         03.15.2007   no virus found
UNA             1.83              03.14.2007   no virus found
VBA32           3.11.2            03.15.2007   no virus found
VirusBuster     4.3.7:9           03.15.2007   no virus found

Additional Information
File size: 58082 bytes
MD5: b8ab72e1fdec0845847c04f86d92ff9e
SHA1: d672c2398bfc311401d870e5565c0b2a34a81ecb
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
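The helper's advice in post #4 (identify the sample properly instead of guessing from one vendor's detection name) and the "Additional Information" block above (file size, MD5, SHA1, packer: UPX) describe the same first triage step: hash the file so it can be looked up or shared without uploading it, and check whether it is packed, because a packed executable hides its real code from signature scanners and is one reason so many of the engines above only return heuristic "suspicious" verdicts. The following Python script is an added example written for this page; it is not code from the forum, from VirusTotal or from AVG. It computes the hashes, walks the PE headers to the section table and flags the UPX0/UPX1/UPX2 section names that UPX leaves in a packed file. The executable it checks by default is a minimal, header-only PE image constructed in memory as a test fixture (not the keygen.exe from the thread); pass a real file path as the first argument to triage that instead.

```python
import hashlib
import struct
import sys

# Section names UPX writes into a packed PE (UPX0/UPX1; UPX2 appears in some versions).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def file_hashes(data: bytes) -> dict:
    """Return the hex digests VirusTotal keys its reports on (MD5, SHA1, SHA256)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of the PE signature
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                           # IMAGE_FILE_HEADER (20 bytes)
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header                   # first IMAGE_SECTION_HEADER
    names = []
    for i in range(number_of_sections):
        entry = table + 40 * i                                    # each section header is 40 bytes
        raw = data[entry:entry + 8]                               # the name is the first 8 bytes
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a UPX name. A renamed section defeats this; it is a quick hint, not proof."""
    return bool(UPX_SECTION_NAMES & set(pe_section_names(data)))


def build_minimal_pe(section_names) -> bytes:
    """Construct a header-only PE32 image (no code, zeroed optional header) with the given section names.
    This is a constructed test fixture for the example, not a real executable."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0xE0, 0x0102)
    optional = struct.pack("<H", 0x10B) + bytes(0xE0 - 2)         # PE32 magic, remainder zeroed
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode("ascii"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for name in section_names
    )
    return dos + b"PE\0\0" + coff + optional + sections


def triage(data: bytes) -> dict:
    """Hashes plus section/packer information; non-PE input is reported, not treated as an error."""
    report = file_hashes(data)
    report["size"] = len(data)
    try:
        report["sections"] = pe_section_names(data)
        report["upx_packed"] = looks_upx_packed(data)
    except ValueError as exc:
        report["sections"] = []
        report["upx_packed"] = False
        report["note"] = str(exc)
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_minimal_pe(["UPX0", "UPX1", ".rsrc"])      # constructed fixture
    for key, value in triage(sample).items():
        print(f"{key:>10}: {value}")
```

Run it as `python triage.py keygen.exe` on a copy of the quarantined file (from the AVG vault, not from a location where it can be double-clicked). The MD5 or SHA1 it prints can be searched for on VirusTotal before deciding whether to upload the file at all, and a `upx_packed: True` result explains a low signature hit rate: the engines that did flag the sample above did so by heuristics, which is consistent with code that is still compressed on disk.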

