Log analysis and evaluation: Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"

Hi,

so, Antivirus has already issued two warnings. But the program itself could not delete them or move them to quarantine! The exact error messages were the following:

One:

Code:
```
In der Datei 'C:\Dokumente und Einstellungen\Moeee\Lokale Einstellungen\Temp\c.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/DelSelf.H' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
```

The file name always alternates between "c.exe", as in the example above, and "a.exe". But it is the same backdoor.

The other one:

Code:
```
In der Datei 'C:\WINDOWS\system32\rsnatyvw.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.FraudL.vahk' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
```

My system: Windows XP SP3

A HijackThis logfile looks like this:

Code:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:10, on 15.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\rsnatyvw.exe
C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\GetRight\GetRight.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Miranda-Im\Miranda IM\miranda32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Moeee\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: offersfortoday browser enhancer - {2B1D89D3-B827-6E5D-F825-687F33AA9279} - C:\WINDOWS\system32\detnbsezuek.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] "C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" /start
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [wvadfhiyntaaig] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\detnbsezuek.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [dscaplsrv] C:\WINDOWS\system32\rsnatyvw.exe
O4 - HKCU\..\Run: [MSFox] C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [uVgOm9k3Cq] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Programme\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15257F-FF26-4F1B-8519-B2C51D9EF4CB}: NameServer = 192.168.0.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED013442-6CDE-4A2E-B4DE-7E00CF98AF7F}: NameServer = 192.168.19.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe

--
End of file - 8945 bytes
```

Unfortunately Google has not made me any wiser. Please help!

moe
#2

Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"

Hi,

please check the following files: Have the files checked online:

Code:
```
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\rsnatyvw.exe
C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
C:\WINDOWS\system32\detnbsezuek.dll
C:\WINDOWS\system32\msxml71.dll
```

If all files are detected, carry on; otherwise remove the files that were not detected, and their keys, from the scripts...

So:

Avenger instructions (by swandog46)

1.) Download the Avenger tool and save it to the desktop.

2.) Configure the program as shown in the picture. Now copy the following text into the white box (at -> "input script here"):

Code:
```
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wvadfhiyntaaig

Files to delete:
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
C:\WINDOWS\system32\rsnatyvw.exe
C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
C:\WINDOWS\system32\detnbsezuek.dll
C:\WINDOWS\system32\msxml71.dll
C:\Dokumente und Einstellungen\Moeee\Lokale Einstellungen\Temp\a.exe
C:\Dokumente und Einstellungen\Moeee\Lokale Einstellungen\Temp\c.exe

Folders to delete:
C:\DOKUME~1\Moeee\LOKALE~1\Temp
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil
```

3.) Now close all programs (save first if necessary!) and browser windows; after running the Avenger the system will be restarted.

4.) To start the Avenger click on -> Execute. Then confirm with "Yes" that the computer restarts!

5.) After the system has restarted, you will find a report from the Avenger here -> C:\avenger.txt. Open the file with the editor and copy the whole text into your post here on the Trojaner-Board.

HijackThis, fix: open HijackThis -- "Scan" button -- tick the boxes in front of the following entries -- "Fix checked" button -- restart the PC. All programs must be closed while fixing!

Code:
```
O4 - HKLM\..\Policies\Explorer\Run: [uVgOm9k3Cq] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
O4 - HKCU\..\Run: [dscaplsrv] C:\WINDOWS\system32\rsnatyvw.exe
O4 - HKCU\..\Run: [MSFox] C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
O4 - HKLM\..\Run: [wvadfhiyntaaig] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\detnbsezuek.dll"
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: offersfortoday browser enhancer - {2B1D89D3-B827-6E5D-F825-687F33AA9279} - C:\WINDOWS\system32\detnbsezuek.dll
```

Malwarebytes Anti-Malware. Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html (run a full scan and let it clean, post the log)

RSIT

Random's System Information Tool (RSIT) by random/random reads out system details and creates an informative logfile. Download Random's System Information Tool (RSIT) (http://filepony.de/download-rsit/) and save it to your desktop. Double-click RSIT.exe to start it. Click Continue to accept the terms of use. If you do not have HijackThis installed, RSIT will download and install it for you. In that case please also accept Trend Micro's terms of use (http://de.trendmicro.com/de/home) for HJT with "I accept". If your firewall asks, please allow RSIT to go online. The scan starts automatically; RSIT now checks some important system areas and produces logfiles as a basis for analysis. When the scan is finished, two logfiles are created and opened in your editor. Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.

Chris
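A triage pass over HijackThis O2/O4 lines of the kind the helper picked out, as an added example that is not part of this thread and not HijackThis code: the heuristics (autoruns from a Temp directory, silent regsvr32 loaders, Policies\Explorer\Run entries, and BHOs or value/file name mismatches sitting directly in system32) are my own reading of what sets the fixed entries apart from the rest of the posted log, and the sample lines are copied from the log in #1.

```python
"""Heuristic triage of HijackThis O2 (BHO) and O4 (autorun) lines.

Added example, not code from this thread or from HijackThis. The heuristics
are my reading of what set the entries the helper asked to fix apart from the
rest of the posted log; they yield candidates to verify (e.g. with an online
multi-engine scan, as the helper asked for), not verdicts.
"""
import re

# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 - BHO: <display name> - {<CLSID>} - <dll path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# An .exe sitting directly in system32 as the first token of the command
SYS32_EXE = re.compile(r"^c:\\windows\\system32\\([^\\\s]+)\.exe(?:\s|$)")
# A DLL sitting directly in system32 (no product sub-directory)
SYS32_DLL = re.compile(r"^c:\\windows\\system32\\[^\\]+\.dll$")

# Constructed sample: ten lines copied from the HijackThis log posted in #1.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: offersfortoday browser enhancer - {2B1D89D3-B827-6E5D-F825-687F33AA9279} - C:\WINDOWS\system32\detnbsezuek.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [wvadfhiyntaaig] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\detnbsezuek.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dscaplsrv] C:\WINDOWS\system32\rsnatyvw.exe
O4 - HKCU\..\Run: [MSFox] C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe
O4 - HKLM\..\Policies\Explorer\Run: [uVgOm9k3Cq] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
""".strip().splitlines()


def _norm(s):
    """Lower-case and drop quotes so paths compare regardless of quoting."""
    return s.lower().replace('"', "")


def check_o4(m):
    """Reasons an O4 autorun entry deserves a closer look (empty if none)."""
    reasons = []
    key = m.group("key").lower()
    cmd = _norm(m.group("cmd"))
    name = m.group("name").lower()
    stem = name[:-4] if name.endswith(".exe") else name
    if "policies\\explorer\\run" in key:
        reasons.append("Policies\\Explorer\\Run autorun; rarely used by legitimate software")
    if "\\temp\\" in cmd:
        reasons.append("autorun executes from a Temp directory")
    if "regsvr32.exe /s" in cmd:
        reasons.append("silent regsvr32 load of a DLL at logon")
    if "all users\\anwendungsdaten\\" in cmd:
        reasons.append("executable under All Users\\Anwendungsdaten instead of a program directory")
    sys32 = SYS32_EXE.match(cmd)
    # Noisiest rule: value name and file name differ for a file directly in system32
    if sys32 and sys32.group(1) != stem:
        reasons.append("file directly in system32 whose name does not match the value name")
    return reasons


def check_o2(m):
    """Reasons an O2 BHO entry deserves a closer look (empty if none)."""
    if SYS32_DLL.match(_norm(m.group("path"))):
        return ["BHO DLL placed directly in system32 rather than under its product directory"]
    return []


def triage(lines):
    """Return [(line, reasons)] for every entry that trips at least one heuristic."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            reasons = check_o4(m)
        else:
            m = O2_RE.match(line)
            reasons = check_o2(m) if m else []
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("    -", r)
```

Run against the sample, the six entries the helper listed for fixing are the six that come back flagged, while the Adobe BHO, avgnt and both ctfmon lines pass.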
#3

Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"

Hi, thanks already for the help:

First file: C:\WINDOWS\System32\regsvr32.exe

Code:
```
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.17 -
AntiVir 7.9.0.5 2008.10.17 -
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.17 -
BitDefender 7.2 2008.10.17 -
CAT-QuickHeal 9.50 2008.10.17 -
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 -
eSafe 7.0.17.0 2008.10.16 -
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
F-Secure 8.0.14332.0 2008.10.17 -
Fortinet 3.113.0.0 2008.10.17 -
GData 19 2008.10.17 -
Ikarus T3.1.1.44.0 2008.10.17 -
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.17 -
McAfee 5407 2008.10.16 -
Microsoft 1.4005 2008.10.17 -
NOD32 3532 2008.10.17 -
Norman 5.80.02 2008.10.16 -
Panda 9.0.0.4 2008.10.17 -
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.17 -
Rising 20.66.42.00 2008.10.17 -
SecureWeb-Gateway 6.7.6 2008.10.17 -
Sophos 4.34.0 2008.10.17 -
Sunbelt 3.1.1730.1 2008.10.17 -
Symantec 10 2008.10.17 -
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.17.1425 2008.10.17 -
VirusBuster 4.5.11.0 2008.10.17 -

weitere Informationen
File size: 12288 bytes
MD5...: b152cc811be2694388008696ec1bcb44
SHA1..: 479aa2c1e03f01906e4aa1612657869110135cd2
SHA256: fef1407e88c0fa1ef7727b045d05fcb8c1a875d34c91233916e1f98d8fa9fb84
```

Next: C:\WINDOWS\system32\detnbsezuek.dll

Code:
```
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.17 -
AntiVir 7.9.0.5 2008.10.17 -
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.17 Adload_r.CL
BitDefender 7.2 2008.10.17 -
CAT-QuickHeal 9.50 2008.10.17 -
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 -
eSafe 7.0.17.0 2008.10.16 -
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
Fortinet 3.113.0.0 2008.10.17 Adware/AdClicker
GData 19 2008.10.17 -
Ikarus T3.1.1.44.0 2008.10.17 -
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.17 -
McAfee 5407 2008.10.16 -
Microsoft 1.4005 2008.10.17 -
NOD32 3532 2008.10.17 -
Norman 5.80.02 2008.10.16 -
Panda 9.0.0.4 2008.10.17 -
PCTools 4.4.2.0 2008.10.17 -
Rising 20.66.42.00 2008.10.17 -
SecureWeb-Gateway 6.7.6 2008.10.17 -
Sophos 4.34.0 2008.10.17 -
Sunbelt 3.1.1730.1 2008.10.17 -
Symantec 10 2008.10.17 -
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.17.1425 2008.10.17 -
VirusBuster 4.5.11.0 2008.10.17 -

weitere Informationen
File size: 171520 bytes
MD5...: e8c00af77d4e7d93efb71342eb391c31
SHA1..: 7cd3ba77ace5c6278c0f637cd4c99d8f6900aa56
SHA256: 1ccc5d11d170b272c3fdadcb203147c1012632be446caf9acb6b7850c498cbeb
```

Third: C:\WINDOWS\system32\msxml71.dll

Code:
```
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.17 -
AntiVir 7.9.0.5 2008.10.17 -
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.17 Downloader.Zlob.AEXM
BitDefender 7.2 2008.10.17 -
CAT-QuickHeal 9.50 2008.10.17 TrojanDownloader.Renos.y
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 Trojan.Siggen.327
eSafe 7.0.17.0 2008.10.16 Suspicious File
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
F-Secure 8.0.14332.0 2008.10.17 -
Fortinet 3.113.0.0 2008.10.17 -
GData 19 2008.10.17 -
Ikarus T3.1.1.44.0 2008.10.17 AdWare.BHO.aes
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.17 -
McAfee 5407 2008.10.16 -
Microsoft 1.4005 2008.10.17 TrojanDownloader:Win32/Renos.Y
NOD32 3532 2008.10.17 -
Norman 5.80.02 2008.10.16 -
Panda 9.0.0.4 2008.10.17 Suspicious file
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.17 Fraudulent Security Program
Rising 20.66.42.00 2008.10.17 -
SecureWeb-Gateway 6.7.6 2008.10.17 -
Sophos 4.34.0 2008.10.17 -
Sunbelt 3.1.1730.1 2008.10.17 -
Symantec 10 2008.10.17 Trojan Horse
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 PAK_Generic.001
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.17.1425 2008.10.17 -
VirusBuster 4.5.11.0 2008.10.17 -

weitere Informationen
File size: 79876 bytes
MD5...: be4ec9d0f0eb53c1e0a8b808f87931c5
SHA1..: 77c797aca1748ffef77070c55cb13bbebd5065bb
SHA256: 806a390ba7508ebe734e479f1123c218912d9407d35aa1e785e93d8a2c7d1c35
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=6CD0E849046571F238E3017D9388F600C0850A30
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
```

And: C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe

Code:
```
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.17 -
AntiVir 7.9.0.5 2008.10.17 TR/Dldr.Zlob.gcb.1
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 Win32:Trojan-gen {Other}
AVG 8.0.0.161 2008.10.17 Downloader.Zlob_r.CR
BitDefender 7.2 2008.10.17 Trojan.Downloader.Agent.ZSH
CAT-QuickHeal 9.50 2008.10.17 TrojanDownloader.FraudLoad.vc
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 Trojan.DownLoad.6072
eSafe 7.0.17.0 2008.10.16 Suspicious File
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
F-Secure 8.0.14332.0 2008.10.17 Trojan-Downloader.Win32.FraudLoad.vcpa
Fortinet 3.113.0.0 2008.10.17 W32/FraudLoad.VCPA!tr.dldr
GData 19 2008.10.17 Trojan.Downloader.Agent.ZSH
Ikarus T3.1.1.44.0 2008.10.17 Trojan-Downloader.Win32.Renos.EK
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.17 Trojan-Downloader.Win32.FraudLoad.vcpa
McAfee 5407 2008.10.16 Generic Downloader.x
Microsoft 1.4005 2008.10.17 TrojanDownloader:Win32/Renos.EK
NOD32 3532 2008.10.17 Win32/TrojanDownloader.FakeAlert.MH
Norman 5.80.02 2008.10.16 W32/Renos.BCL
Panda 9.0.0.4 2008.10.17 -
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.17 Malware Dropper
Rising 20.66.42.00 2008.10.17 Trojan.Win32.Undef.rmq
SecureWeb-Gateway 6.7.6 2008.10.17 Trojan.Dldr.Zlob.gcb.1
Sophos 4.34.0 2008.10.17 -
Sunbelt 3.1.1730.1 2008.10.17 -
Symantec 10 2008.10.17 -
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 PAK_Generic.001
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.17.1425 2008.10.17 -
VirusBuster 4.5.11.0 2008.10.17 -

weitere Informationen
File size: 78852 bytes
MD5...: 381241632852b080186046e985de4b8d
SHA1..: a7ce8fdb4c8299d18be697ea878e332fef63fb6c
SHA256: 1e946093dd5917e8c8c1d71d5839c66cd591def2204abd6f24fc35f5cf6c6d76
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=58BB3DAF04794407343401D616B15700730C9C62
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
```

Fourth file: C:\DOKUME~1\Moeee\LOKALE~1\Temp\video1073.cfg.exe

And one more: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\glwrujil\ghmbwxyr.exe

Code:
```
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.10.18.0 2008.10.17 -
AntiVir 7.9.0.5 2008.10.17 TR/Dldr.Small.tbm
Authentium 5.1.0.4 2008.10.17 -
Avast 4.8.1248.0 2008.10.15 Win32:PureMorph
AVG 8.0.0.161 2008.10.17 Downloader.Generic7.BBML
BitDefender 7.2 2008.10.17 -
CAT-QuickHeal 9.50 2008.10.17 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.93.1 2008.10.17 -
DrWeb 4.44.0.09170 2008.10.17 -
eSafe 7.0.17.0 2008.10.16 -
eTrust-Vet 31.6.6153 2008.10.17 -
Ewido 4.0 2008.10.17 -
F-Prot 4.4.4.56 2008.10.16 -
F-Secure 8.0.14332.0 2008.10.17 Trojan-Downloader.Win32.Obfuscated.duz
Fortinet 3.113.0.0 2008.10.17 W32/PolySmall.BP!tr
GData 19 2008.10.17 Win32:PureMorph
Ikarus T3.1.1.44.0 2008.10.17 Virus.Win32.PureMorph
K7AntiVirus 7.10.498 2008.10.17 -
Kaspersky 7.0.0.125 2008.10.17 Trojan-Downloader.Win32.Obfuscated.duz
McAfee 5407 2008.10.16 Generic.dx
Microsoft 1.4005 2008.10.17 Trojan:Win32/Busky.EM
NOD32 3532 2008.10.17 Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.10.16 -
Panda 9.0.0.4 2008.10.17 -
PCTools 4.4.2.0 2008.10.17 -
Prevx1 V2 2008.10.17 Fraudulent Security Program
Rising 20.66.42.00 2008.10.17 -
SecureWeb-Gateway 6.7.6 2008.10.17 Trojan.Dldr.Small.tbm
Sophos 4.34.0 2008.10.17 Mal/EncPk-DG
Sunbelt 3.1.1730.1 2008.10.17 -
Symantec 10 2008.10.17 Packed.Generic.182
TheHacker 6.3.1.0.116 2008.10.16 -
TrendMicro 8.700.0.1004 2008.10.17 -
VBA32 3.12.8.7 2008.10.16 -
ViRobot 2008.10.17.1425 2008.10.17 Trojan.Win32.Downloader.61440.FV
VirusBuster 4.5.11.0 2008.10.17 -

weitere Informationen
File size: 61440 bytes
MD5...: 9f379af1c1783107d257f8cc1e56567f
SHA1..: 92c7ca1f9204edf04a823cca5a7f5ef389e2f432
SHA256: be9352733e5f88d2aa5624e33566fcb70714da602148d871cef0859da537a7b5
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=1712303600C7BAC2F04D00533D64B90066C8B088
```
![]() | #4 |
Malwarebytes' Anti-Malware 1.29
Datenbank Version: 1278
Windows 5.1.2600 Service Pack 3

17.10.2008 18:09:21
mbam-log-2008-10-17 (18-09-21).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 129287
Laufzeit: 41 minute(s), 20 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 29
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 66

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\System Volume Information\_restore{576D7B26-A37B-49D1-8F26-068B3BC56CE5}\RP2\A0000029.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Programme\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
#5
Logfile of random's system information tool 1.04 (written by random/random)
Run by Moeee at 2008-10-17 18:22:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 79 GB (86%) free of 92 GB
Total RAM: 2046 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:33, on 17.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\RocketDock\RocketDock.exe
C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\GetRight\GetRight.exe
C:\Programme\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Programme\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\Programme\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Moeee\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Moeee\Desktop\Moeee.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programme\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Programme\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVStation Premium 3.75] "C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe" /start
O4 - HKLM\..\Run: [MagicKeyboard] C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Programme\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Programme\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: GetRight.lnk = C:\Programme\GetRight\GetRight.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF15257F-FF26-4F1B-8519-B2C51D9EF4CB}: NameServer = 192.168.0.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED013442-6CDE-4A2E-B4DE-7E00CF98AF7F}: NameServer = 192.168.19.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe

--
End of file - 8232 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Programme\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-06 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
""= []
"EDS"=C:\Programme\Samsung\Samsung EDS\EDSAgent.exe [2007-01-11 634880]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-12-07 761947]
"AVStation Premium 3.75"=C:\Programme\Samsung\AVStation Premium 3.75\AVSAgent.exe [2007-04-12 163840]
"MagicKeyboard"=C:\Programme\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552]
"RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2006-08-16 45056]
"DMHotKey"=C:\Programme\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"BatteryManager"=C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe [2007-07-31 2764800]
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-19 266497]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"RocketDock"=C:\Programme\RocketDock\RocketDock.exe [2007-09-02 495616]
"AnyDVD"=C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe [2008-09-09 2182080]
"Sony Ericsson PC Suite"=C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 360448]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
GetRight.lnk - C:\Programme\GetRight\GetRight.exe

C:\Dokumente und Einstellungen\Moeee\Startmenü\Programme\Autostart
OpenOffice.org 2.4.lnk - C:\Programme\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-08-21 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme\Internet Explorer\IEXPLORE.EXE"="C:\Programme\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Miranda IM\miranda32.exe"="C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\Miranda IM\alt\Miranda IM\miranda32.exe"="C:\Programme\Miranda IM\alt\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Miranda ME RC3\miranda32.exe"="D:\Miranda ME RC3\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\Opera\opera.exe"="C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Programme\Winamp Remote\bin\Orb.exe"="C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Programme\Winamp Remote\bin\OrbTray.exe"="C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Miranda-Im\Miranda IM\miranda32.exe"="C:\Miranda-Im\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\xchat\xchat.exe"="C:\Programme\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"D:\miranda-im-v0.7.10-unicode\Miranda IM\miranda32.exe"="D:\miranda-im-v0.7.10-unicode\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"D:\Miranda_ME_RC3\Miranda ME RC3\miranda32.exe"="D:\Miranda_ME_RC3\Miranda ME RC3\miranda32.exe:*:Enabled:Miranda IM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48c14d82-98c8-11dc-b164-0013773f7ca3}]
shell\AutoRun\command - F:\LaunchU3.exe

======File associations======

.js - open - "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-10-17 18:12:39 ----D---- C:\rsit
2008-10-17 17:26:15 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\Malwarebytes
2008-10-17 17:26:10 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2008-10-17 17:26:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-10-17 16:43:43 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-10-17 10:01:39 ----A---- C:\WINDOWS\system32\yiW8hQ1y.exe
2008-10-16 10:26:19 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-15 17:49:21 ----D---- C:\Programme\CCleaner
2008-10-14 12:27:36 ----A---- C:\WINDOWS\system32\argvsrembn.exe
2008-09-25 17:05:34 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\Help
2008-09-24 16:23:01 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\dvdcss
2008-09-21 22:44:00 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\MyPhoneExplorer
2008-09-21 22:43:57 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-09-21 22:43:55 ----D---- C:\Programme\MyPhoneExplorer
2008-09-21 22:33:25 ----D---- C:\Programme\Avanquest update
2008-09-21 22:33:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
2008-09-21 22:32:39 ----D---- C:\Programme\Sony Ericsson
2008-09-21 22:32:39 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony Ericsson
2008-09-18 18:59:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft
2008-09-18 18:53:19 ----D---- C:\Programme\SlySoft

======List of files/folders modified in the last 1 months======

2008-10-17 18:20:55 ----D---- C:\Programme\Mozilla Firefox
2008-10-17 18:19:49 ----D---- C:\WINDOWS\Temp
2008-10-17 18:19:36 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\OpenOffice.org2
2008-10-17 18:19:34 ----SH---- C:\cj.ini
2008-10-17 18:19:03 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 18:19:03 ----AD---- C:\WINDOWS
2008-10-17 18:18:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 18:09:21 ----RD---- C:\Programme
2008-10-17 18:09:21 ----D---- C:\WINDOWS\system32
2008-10-17 18:00:50 ----D---- C:\WINDOWS\Prefetch
2008-10-17 10:46:28 ----D---- C:\Programme\Mozilla Thunderbird
2008-10-17 10:01:40 ----SD---- C:\WINDOWS\Tasks
2008-10-16 10:11:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-15 18:05:37 ----SHD---- C:\System Volume Information
2008-10-15 18:05:37 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 17:59:27 ----D---- C:\WINDOWS\Debug
2008-10-15 17:34:58 ----HD---- C:\WINDOWS\inf
2008-10-15 17:34:39 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-15 17:33:31 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-11 18:47:26 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\foobar2000
2008-10-07 20:33:08 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\GetRight
2008-09-25 17:05:34 ----D---- C:\WINDOWS\Help
2008-09-21 22:33:25 ----HD---- C:\Programme\InstallShield Installation Information
2008-09-21 22:33:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-09-18 22:42:25 ----D---- C:\Dokumente und Einstellungen\Moeee\Anwendungsdaten\X-Chat 2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-19 75072]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2008-05-10 223424]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-29 1161888]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-09-04 99648]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-08-22 2372096]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-11 156160]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-11-28 863402]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-10-15 67672]
R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2006-10-12 28160]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
R3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
R3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
R3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
R3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
R3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
R3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB-Videogerät (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-27 2203520]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SUEPD;SUE NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\SUE_PD.sys [2005-05-24 19840]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-08-25 249856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
#6
Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-07-19 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-08-21 483328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-12-11 266295]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2006-06-20 49152]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 Samsung Update Plus;Samsung Update Plus; C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2006-11-13 73728]
R2 SNM WLAN Service;SNM WLAN Service; C:\Programme\samsung\Samsung Network Manager\SNMWLANService.exe [2005-05-28 36864]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-31 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-13 654848]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLWriter;SQL Server VSS Writer; C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server-Browser; C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]
-----------------EOF-----------------
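The driver and service lists above share one line format: a state letter (R/S) and a start-type digit from the legend, then `name;display name; path [date size]`. The Python script below is an added example for this thread, not code from the poster or from the tool that produced the log. It parses lines in that format and flags the entries a reviewer should look at first: entries whose `[...]` metadata is empty (the tool printed `[]` for `IntelIde`, which the script interprets as the binary being missing or unreadable, an assumption) and entries whose binary lives in a user-writable location such as `Temp` or `Anwendungsdaten`. The embedded sample log is constructed: three lines are copied from the lists in this thread, and the `qwertysvc` entry (name, path, date, size) is invented to exercise the path check. The location markers are my assumptions for German and English XP folder names; a hit is a reason to look, not a verdict, since a disabled driver whose file is gone is often a harmless leftover.

```python
"""Triage helper for service/driver lists in the format used in this thread (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Legend printed at the top of the list in post #6.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One entry per line: <state><start> <name>;<display>; <path> [<date> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumed markers for locations a normal user can write to (German and
# English XP folder names). A service or driver binary here is unusual.
USER_WRITABLE = (
    "\\temp\\",
    "\\anwendungsdaten\\",       # German XP name for Application Data
    "\\application data\\",
    "\\lokale einstellungen\\",  # German XP name for Local Settings
    "\\local settings\\",
)


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_line(line: str) -> Optional[Entry]:
    """Parse one list line; return None for headers, EOF markers and junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()  # "2008-08-15 149761" or "" for "[]"
    date = meta[0] if len(meta) >= 1 else None
    size = int(meta[1]) if len(meta) >= 2 and meta[1].isdigit() else None
    return Entry(STATE[m.group("state")], START[m.group("start")],
                 m.group("name"), m.group("display"), m.group("path"),
                 date, size)


def findings(e: Entry) -> List[str]:
    """Reasons a reviewer should look at this entry first (heuristics, not verdicts)."""
    out: List[str] = []
    if e.date is None or e.size is None:
        # The tool printed "[]": no date/size could be read, so the file is
        # probably missing or unreadable (assumption). For a disabled (S4)
        # driver this is often a leftover; for a running service it is not.
        out.append("no file metadata (binary missing or unreadable)")
    low = e.path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        out.append("binary in a user-writable location")
    return out


def triage(log_text: str) -> Tuple[List[Entry], Dict[str, List[str]]]:
    """Return all parsed entries and a map name -> findings for flagged ones."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    flagged: Dict[str, List[str]] = {}
    for e in entries:
        f = findings(e)
        if f:
            flagged[e.name] = f
    return entries, flagged


# Constructed sample: the first three entries are copied from the lists in
# this thread; the qwertysvc line (name, path, date, size) is invented.
SAMPLE_LOG = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-08-15 149761]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-07 191936]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 qwertysvc;qwertysvc; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qwerty\qwertysvc.exe [2008-10-14 61440]
-----------------EOF-----------------
"""

if __name__ == "__main__":
    all_entries, hits = triage(SAMPLE_LOG)
    for entry in all_entries:
        mark = "  <-- " + "; ".join(hits[entry.name]) if entry.name in hits else ""
        print(f"{entry.state:8}{entry.start:9}{entry.name:16}{entry.path}{mark}")
```

Run it on a saved log by replacing `SAMPLE_LOG` with the file contents; it only sees what the log contains, so an entry the tool did not list (a rootkit-hidden service, for instance) will not show up, and every hit still needs a look at the file itself.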
Topics on Backdoor "TR/DelSelf.H" and "TR/Dldr.FraudL.vahk"
agere systems, antivirus, avira, backdoor, bho, bitte um hilfe, bonjour, browser, c.exe, computer, desktop, firefox, google, helper, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, logfile, mozilla, programm, senden, software, system, trojan, warnmeldungen, windows, windows xp