Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojan-Downloader.Bagle und E-mail-Worm.Bagle

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Log-Analyse und Auswertung: Trojan-Downloader.Bagle und E-mail-Worm.Bagle

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.03.2008, 19:09   #1
ZJZ
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Hallo!
Wie ich das entfernen kann?
CPU Auslastung liegt immer bei 70 % und höher.
Danke.
Mein HijackThis Logs:
Logfile of HijackThis v1.99.1
Scan saved at 18:04:57, on 23.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\Programme\Spyware Nuker\swnxt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Free Download Manager\fdm.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programme\Sun\StarOffice 8\program\soffice.exe
C:\Programme\Sun\StarOffice 8\program\soffice.BIN
C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programme\Spyware Doctor\pctsGui.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\Software\pruefung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.gmx.net/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.gmx.net/home
R3 - URLSearchHook: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: LphantBar Toolbar - {6b284373-1765-4464-a587-80fbc2b2eefa} - C:\Programme\LphantBar\tbLph1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SWN2] C:\Programme\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Programme\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LphantAutoRun] C:\Programme\Lphant\eLePhantClient.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: GMX Browser Update (AdminSVC) - hablamax - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe

Alt 23.03.2008, 19:18   #2
boston
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


hallo, zjz,
welches av-programm hat bagle in welcher datei gefunden?

bitte lade dir hier
ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
blacklight herunter
dann als admin :
- i accept the agreement
- next
- scan

und dann poste das log, das du im blacklight-ordner findest.
__________________
Alt 23.03.2008, 20:02   #3
ZJZ
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Danke

03/23/08 19:35:56 [Info]: BlackLight Engine 1.0.67 initialized
03/23/08 19:35:56 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/23/08 19:35:56 [Note]: 7019 4
03/23/08 19:35:56 [Note]: 7005 0
03/23/08 19:36:05 [Note]: 7006 0
03/23/08 19:36:05 [Note]: 7027 1
03/23/08 19:36:05 [Note]: 7027 0
03/23/08 19:36:13 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7026 0
03/23/08 19:36:19 [Note]: 7024 3
03/23/08 19:36:19 [Info]: Hidden process: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:36:26 [Note]: FSRAW library version 1.7.1024
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Empty.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Filters.xml
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\news.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\paint.png
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Profiles\Blank.txt
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample1.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Info]: Hidden file: c:\Programme\Movie Maker\Shared\Sample2.jpg
03/23/08 19:39:03 [Note]: 10002 3
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:39:03 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:10 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:41 [Info]: Hidden file: C:\WINDOWS\system32\drivers\hldrrr.exe
03/23/08 19:43:41 [Note]: 10002 2
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\123093.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15748406.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\100015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\101937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\103843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\104500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105265.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\105843.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\107968.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\108984.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110468.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\110500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\111250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\113578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1147390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1148500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\114953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1154937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\115546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1156015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1158390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116140.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1161828.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1163078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\116625.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1168234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\117921.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1194656.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\119937.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1200046.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1203078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1209109.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1212500.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1214015.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1221765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15751312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15754156.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15757296.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15758546.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\157609.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15765890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15770578.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15775953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15787312.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15792031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15829234.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15836890.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\159953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\163031.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\181593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\188593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\199703.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\206390.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61000.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\61562.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\64359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\65765.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\66484.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\68953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\70953.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71203.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\71875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\73359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74250.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\74343.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\75078.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\76671.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\77734.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79515.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\79875.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80359.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:44 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\80593.exe
03/23/08 19:43:44 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\82968.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\88421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\94734.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\98000.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\99609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\124265.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1290859.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\1298609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\131765.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\135781.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\137046.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\142203.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\144875.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\151421.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\156218.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15692546.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15693609.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15699062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15700250.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15702796.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706062.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15706937.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15710687.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Info]: Hidden file: c:\WINDOWS\system32\drivers\down\15741109.exe
03/23/08 19:43:45 [Note]: 10002 3
03/23/08 19:43:45 [Note]: 10002 2
03/23/08 19:43:45 [Note]: 10002 2
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 3
03/23/08 19:43:50 [Note]: 10002 2
03/23/08 19:43:50 [Note]: 10002 2
03/23/08 19:51:57 [Note]: 7007 0
__________________
Alt 23.03.2008, 20:24   #4
ZJZ
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Wurde von "PC Tools Spyware Doctor" gefunden.
Ich kann die zwei nicht löschen und beim Löschvorgang immer Neustart verlangt wird.
Habe ausprobiert, bringt nichts.
Danke für Ihre Hilfe.
ZJZ.


Trojan-Downloader.Bagle:

Registry-Wert
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA, NextInstance
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, Start
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ErrorControl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa, DisplayName

Registry-Schlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa

**********************************************************************
E-mail-Worm.Bagle

Registry-Wert:
HKEY_USERS\S-1-5-21-839522115-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run, german.exe

Alt 23.03.2008, 20:28   #5
boston
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Zitat:
Danke
hallo, zjz,
oh, mit dem bedanken solltest du warten.
da bagle in deinem system aktiv ist, führt leider kein
weg am Neuaufsetzen vorbei.
http://www.trojaner-board.de/12154-a...sicherung.html
was seit der infektion mit deinem rechner passiert ist, kannst du hier nachlesen:
Technische Kompromittierung - Wikipedia
Botnet - Wikipedia


Alt 23.03.2008, 20:54   #6
ZJZ
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Hallo,
Wenn ich alle meine Daten auf cd kopiere, wird auch Wurm mitkopiert?
Danke

Alt 23.03.2008, 21:02   #7
boston
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


hallo,
eigene dokumente, bilder und musik kannst du sichern,
keine ausführbaren dateien.
Computersicherheit - Dateiendungen
am sichersten ist das kopieren der dateien mit einer
live-cd wie z.b. puppy linux.
nach dem Neuaufsetzen die dateien
mit einem scanner überprüfen.

Alt 24.03.2008, 21:48   #8
ZJZ
 
Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Standard

Trojan-Downloader.Bagle und E-mail-Worm.Bagle


Danke. Wird gemacht.

Antwort

Themen zu Trojan-Downloader.Bagle und E-mail-Worm.Bagle
adobe, antivir, askbar, auslastung, avg, avgnt, avgnt.exe, avira, bho, browser, browser update, download, drivers, einstellungen, entfernen, explorer, free download, google, hijack, hijackthis, internet, internet explorer, jusched.exe, microsoft, pdf, programme, security, software, spyware, system, urlsearchhook, windows, windows xp


« Bitte erklärt mit wie man HiJack logs auswertet...... | install-privacy-danger.bat »


Ähnliche Themen: Trojan-Downloader.Bagle und E-mail-Worm.Bagle


  1. Bundestrojaner Österreich und Win32/Bagle.gen.zip worm
    Log-Analyse und Auswertung - 18.07.2012 (3)
  2. Worm.Bagle entfernen mit Findykill
    Anleitungen, FAQs & Links - 26.12.2009 (1)
  3. Wie gefährlich sind "I-Worm.Bagle.AAKP","Trojan.DL.Bagle.ABWF","Bagle.Gen 21"
    Plagegeister aller Art und deren Bekämpfung - 31.10.2009 (1)
  4. Bagle
    Log-Analyse und Auswertung - 08.11.2008 (0)
  5. Email-Worm.Bagle.of/Trojan.Toosrrr.SRR und weitere/System verweigert ua auch HijackTh
    Plagegeister aller Art und deren Bekämpfung - 03.09.2008 (13)
  6. W32/Bagle.gen
    Plagegeister aller Art und deren Bekämpfung - 15.08.2008 (8)
  7. Bagle.dk
    Mülltonne - 21.09.2007 (1)
  8. TR/Bagle.Gen.B
    Plagegeister aller Art und deren Bekämpfung - 04.09.2007 (11)
  9. Worm/Bagle.srn Muß ich wirklich formatieren???
    Log-Analyse und Auswertung - 27.06.2007 (1)
  10. BAGLE-AS TROJAN gefunden, abgesicherter Modus geht nicht & Ordner gemeinsame Dateien
    Alles rund um Windows - 14.02.2007 (3)
  11. TR/Dldr.Bagle.GX + WORM/Bagle.GY.1 - Internet funktioniert nicht mehr richtig
    Plagegeister aller Art und deren Bekämpfung - 09.01.2007 (6)
  12. Email.Worm Bagle
    Plagegeister aller Art und deren Bekämpfung - 30.09.2006 (1)
  13. Email-Worm.Win32.Bagle.pac - alt aber noch resistent! Was kann ich tun?
    Plagegeister aller Art und deren Bekämpfung - 23.11.2005 (12)
  14. Email-Worm Win32 Bagle.pac - Logfile
    Mülltonne - 21.11.2005 (1)
  15. E-Mail-Worm.Win32.Bagle.bn!! Bitte helft mir!!!
    Plagegeister aller Art und deren Bekämpfung - 30.07.2005 (3)
  16. TR/Bagle.al
    Log-Analyse und Auswertung - 16.04.2005 (7)
  17. Remote Virenentfernung I-Worm.Bagle.Z?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2004 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan-Downloader.Bagle und E-mail-Worm.Bagle - Hallo! Wie ich das entfernen kann? CPU Auslastung liegt immer bei 70 % und höher. Danke. Mein HijackThis Logs: Logfile of HijackThis v1.99.1 Scan saved at 18:04:57, on 23.03.2008 Platform: - Trojan-Downloader.Bagle und E-mail-Worm.Bagle...
Archiv
Du betrachtest: Trojan-Downloader.Bagle und E-mail-Worm.Bagle auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55